SOC Analyst – Tier 1

SOC Analyst – Tier 1


Role and Responsibilities

  • Work as a Cyber SOC Tier 1 Analyst in DTS Solution – HawkEye CSOC cyber command center.
  • The security analyst Tier 1 monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier 2 security analyst, and/or customer as appropriate to perform further investigation and resolution.
  • Reviews trouble tickets generated by SIEM Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
  • Reviews and collects asset data (configs, running processes, etc.) on systems for further investigation.
  • Will actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, and will provide proactive threat research.
  • Work closely with the Tier 2 Analyst to assess risk and provide recommendations for improving DTS Solution - HawkEye CSOC’s customer security posture.
  • Participate in security incident management and vulnerability management processes. Identify, perform, review or track security incident investigations to resolution and identify lessons learnt.
  • Identify, perform or review root cause analysis efforts following incident recovery to enhance operations.
  • Participate in evaluating, recommending, implementing, and troubleshooting security. solutions and evaluating IT security of the new IT Infrastructure systems.
  • Ensure that corporate data and technology platform components are safeguarded from known threats.
  • Develop, implement and test new SIEM use cases. Regularly identify and develop new use cases for automation and tuning of security tools
  • Provide technical guidance to the customer’s technical teams during the configuration of new log sources.
  • Understanding and implementing the SOC processes and procedures.
  • Follow standard operating procedures for detecting, classifying, and reporting.
  • Triage events for criticality and escalate according to predefined processes incidents under the supervision of Tier 2 and Tier 3 staff.
  • Communicate effectively with customers, team-mates, and management.
  • Provide input on tuning and optimization of security systems.
  • Follow ITIL practices regarding incident, problem and change management.
  • Document and maintain customer build documents, security procedures and processes.
  • Stay up to date with current vulnerabilities, attacks, and countermeasures.
  • Reviews the latest alerts to determine relevancy and urgency.
  • Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review.
  • Manages and configures security monitoring tools (SIEM, SYSLOG, NETFLOW, FIM, SYSMON etc.)

Qualifications

  • 3+ years of experience of network/security architecture or operations experience
  • Experience working on specific SOC/SIEM platforms
  • Excellent experience in Elastic (ELK), Splunk, Wazuh, LogRhythm
  • Experience in SOAR technologies – Demisto, Cybersponse, FortiSOAR, Swimlane
  • Excellent experience in MDR or EDR
  • Experience in using security tools – commercial and open source
  • Experience in defensive technologies – NGFW, AV, VPN, IPS, NETFLOW, DAM, WAF, Proxy, Web Filtering etc. Ability to inspect using PCAP files.
  • Knowledge with Threat Hunting and MITRE ATT&CK Methodology

Certifications

  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Enterprise Defender (GCED) issued by GIAC
  • GIAC Certified Incident Handler (GCIH) issued by GIAC
  • Certified Ethical Hacker (CEH) issued by EC-Council
  • CCNA, CCNP, MCSE

Role Type: Full Time

Location: Dubai, United Arab Emirates

If you meet the above requirements, please send your CV to hr@dts-solution.com.