#3952 Senior Engineer - SOC (L2 ) Analysis - SANS Certified

Role:

Work on multiple Solutions include SIEM, SOAR, Log management, EDR and vulnerability management solutions and possibly other Security components to investigate and response to security related incidents and alerts.

Roles and Responsibilities:

• Triage and Investigate the assigned Incidents.
• Create incident reports Include all the investigation steps, lessons learned and recommended actions.
• Modify the use cases for false positive incidents.
• Create and modify use cases, dashboards and reports.
• Threat hunting.
• Integrating with threat intelligence feeds.
• Evaluating security products.
• Vulnerability assessment and penetration testing.
• Creating and modifying Runbooks for L1 and NOC then follow up on their execution.
• Develop and write reports that analyze the Threat and IoCs with impact and recommended actions.
• Provide communication and escalation throughout the incident per the SOC guidelines.
• Communicates directly with the data asset owners and business response plan owners during high severity incidents.
• Performs analysis of log files from different log sources.
• Responsible for support issues from beginning to end and follow the documented escalation procedures.
• Manages and assures threat feeds are received, aggregated, reviewed, and acted upon accordingly.

Experience and Qualifications:

• 4+ years of hands on experience in Information Security domain.
  
• 3+ years of experience in SOC NOC environments.
• Expert knowledge in in SIEM solutions:
• o Creating use cases, dashboards, reports.
• o Integrating with threat intelligence feeds.
• o Running complex queries.
• Advanced hands on experience on vulnerability assessment and penetration testing.
• Advanced knowledge about network attacks such as DoS and their countermeasures.
• Advanced knowledge about Web Application Attacks and their countermeasures.
• Advanced knowledge about hacking tools and their capabilities such as NMAP, Metasploit, etc...
• Advanced Scripting knowledge for configuring automation.
• Advanced knowledge about attack kill chain and incident response procedures.
• Advanced Knowledge about Windows and Linux/Unix OSes.
• Moderate Knowledge about forensic Investigation
• Strong analytical skills which is used in threat hunting and in incident investigation.
• Experience in MSSP is advantageous
• Experience in multiple SIEM solutions (Splunk, QRadar, Elastic search)

Must have:

• SANS SEC 503 training
• CEH Certified
• CHFI Certified

Good to have:

• +6 Years in Security / +4 years in SOC Operation.
• GIAC Certified Incident Handler (GCIH)
• SANS FOR508 Advanced Digital Forensics, Incident Response, and threat hunting (GCFA).
• SANS FOR610 Reverse Engineering Malware : Malware Analysis Tools and Techniques (GREM).
• OSCP.
• University degree in Computer Science/ Information Technology from a recognized university.