The SOC analyst is part of KL SOC team engaged in continues security monitoring, incident response and cyber threat hunting.
Principle Responsibilities
-
Analyze security events from endpoints (Windows, Mac, Linux), Network IDS, Web-proxies, Mail-gateways, Active Directory infrastructure
-
Detect and investigate information security incidents
-
Propose Incident response actions and remediation plan.
-
Identification of potential vectors of attacks, develop detection methods of these attacks by existing technological solutions
-
Adjust detection logic to fit Customer needs (filter out false positives, customize correlation rules, etc)
-
Communicate with Customers regarding detected incidents and suspicious activities.
Mandatory skills
-
Practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future
-
Understanding of the methods, tools and processes to respond to information security incidents
-
Experience in network traffic and log-files analysis from various sources
-
Knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response
-
Knowledge of network protocols, the architectures of modern operating systems and information security technologies
Other requirements
-
Experience in work with ELK stack is welcome
-
Certifications (Offensive Security, GIAC) are welcome