The Level 2 SOC Analyst performs individual tasks consistently and at an exemplary standard and is able to mentor Level 1 SOC Analysts in SOC processes and procedures.
Responsibilities
- Deliver security-based operational support for clients, in line with documented process and timeframe
- Classify and prioritize incidents based on established criteria
- Review the collected data and additional requested log sources then provide tactical recommendations
- Escalate any potential high visibility incident
- Handle communication to a mix of technical and non-technical client audience
- Research Threat or Security related news that could potentially impact a client
- Proactive hunting for threats in large volumes of data
- Generate scan schedules for vulnerability management and contribute to risk adjusted assessments
- Create custom reports based on the data gathered on a weekly/monthly basis
- Knowledgeable in updating a use case or playbook
- Document processes and process improvements
- Provide analytical and technical support to solve a wide range of complex security issues
- Raise support tickets and take ownership of issues through to completion
- Participate in open communication between team members
- Additional tasks will be given as the individual grows their skill
Key Competencies & Experience:
- Degree in computer science or equivalent certifications/qualifications.
- Minimum 2 years of cyber security operations experience.
- Understanding of the different occurrences of incidents, scenarios and situations, including an understanding of evolving threat tactics, techniques and procedures.
- Good understanding and experience in either Incident Response, Vulnerability Management, Security Operations or Cyber Threat Intelligence.
- Good understanding of the cyber security landscape and security concepts.
- Good understanding of common protocols
- Good understanding of security event triage and incident handling processes
- Good understanding of packet analysis
- Foundational understanding of malware analysis
- Foundational understanding of vulnerability management, including scanning and reporting Foundational understanding in security architecture.
- Good understanding in the use of Security Information and Event Management and Endpoint Detection and Response tools is highly desirable.
Skills and Attitudes:
- Willing to work in 24 x 7 environment.
- Commitment to continual improvement, education, personal development and a willingness to learn.
- Strong troubleshooting skills and ability to manage issues through to resolution.
- Maintains strong attention to detail in high-pressure situations.
- Ability to explain in written and spoken English.
- Strong ambition and ability to develop and expand cyber security services and product support.
