SOC Engineer (Tier 1/2)

As the SOC Analyst, you will support the outsourced Security Operations Centre (SOC) with monitoring, analysing and triage activities. You will ensure all incidents are investigated, contained and remediated, as well as prevent the future re-occurrence of identified malicious traffic or incidents.

Daily Operations

• Triaging, investigating and management of ongoing Cyber Security Incidents
• Day to day management of the NDR, EDR and SOAR platform
• Support in the creation of operational documents such as- use cases, play/run books and training materials) on incident response and ensures regular updating of these documents
• Support in the creation of various metrics, reporting, review of incident progress and compliance status
• Support Regional Security Operations to ensure the Security posture of business units are under proper measure, monitor and manage

SOC Incident response

• Support the SOC Manager on incident management and remediation
• Manage incidents
• Report on incidents
• Assist on developing new ideas on how to improve the security operations, creates technical procedures, handling guidelines and playbooks
• Where appropriate working with the global SOC responding and resolving events generated by the SIEM

Forensics and Malware

• Conduct Forensic investigations to facilitate such things as root cause analysis, evidence of malicious insider and data breaches
• Investigate Malicious files and package to ensure RCA, and be able to provide those findings to the relevant stakeholders to further secure our environment

Security Projects & Deployments

• Supports in the implementation of the SOC, its security tooling and the resourcing
• Supports other projects at the discretion of the Head of IT Security

Requirements:

Person Specification

• Degree holder in Computer Science or related disciplines, or appropriate extensive experience
• GIAC Cyber Security Cert or CISSP qualification is a big plus
• At least three to five years’ experiences in Information Security
• Proficient in utilising Splunk within a SOC and Incident Response environment
• Experienced with Endpoint/Network Detection and Response, preferably Crowdstrike and Vectra
• A sound understanding and working experience of Security Orchestration and Response tooling, preferably Cortex XSOAR
• Hands on Cyber security incident management within a SOC environment
• Strong problem-solving skills and fast learner
• Solid experiences on Information Security Management System and IT Service management
• Liaison skill & teamwork, passion & commitment mentality
• Good interpersonal and communication skills
• Fluent in spoken and written English

Technical Requirements

• A sound understanding and knowledge of using Splunk in a SOC environment
• Broad knowledge of cyber security concepts including antivirus and malware protection, vulnerabilities, web and application security

• Solid support experiences of enterprise security tools such as Enterprise Anti-virus, Vulnerability Management, EDR, SIEM, SOAR and other supporting tools
• Well experienced in security incident handling
• Experience in various ticketing tools