SOC Lead

Location: Dubai, United Arab Emirates
Salary: competitive
Job Type: Contract
Apply for this Job

Job Title: SOC Analyst - Level 3

Job Description The primary function of an L3 Analyst is to ensure that the SOC team is performing its functions as required and to trouble shoot problematic incidents and events. In summary, the L3 Analyst shall also act as the technical SME and shall report technically to the L4 Analyst.

Responsibilities

  • Work collaboratively with Account Manager for Client relations
  • Track incident detection and closure.
  • Execute risk hunting activities
  • Undertake forensic investigations
  • Act as subject matter expert and expert witness where required
  • General intelligence advisories and delegate intelligence aggregation tasks to L2
  • Generate new use cases for emerging threats
  • Conduct incident response coordination with customer
  • Validation of security incidents
  • Conduct audits of logging and correlation
  • Conduct monthly security use case review and correlation audits
  • Use of sandbox, honeypot, analytics tools and security testing
  • Escalation Management
  • Ensure process compliance
  • Ensure quality of investigations and notification and direct L2 and L1 accordingly
  • Report deviations to SOC manager and L4
  • Ensure SLA compliance for projects within remit
  • Perform deep analysis to security incidents to identify the full kill chain
  • Respond to client's requests, concerns and suggestions
  • Act as subject matter expert for different clients
  • Provide knowledge to L1 and L2 such as guides, cheat sheets etc
  • Follow up with the recommendations to the client to contain an incident or mitigate a threat
  • Conduct presentations and updates to the client
  • Respond to incident escalations and provide solid recommendations
  • Update aging incidents and requests
  • Track SOC performance in terms of SLAs and incidents quality
  • Review vulnerability assessment reports with the client and provide necessary recommendations
  • Configure and maintain vulnerability scanners policies and reports
  • Conduct threat hunting exercises on LogRhythm and CB platforms
  • Conduct penetration testing on web applications, mobile applications, servers (Windows/Linux) and wireless infrastructure
  • Develop and improve processes for monitoring and incident qualification
  • Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI management
  • Participate in professional services (internal and external penetration testing, wireless assessments, web and mobile application assessments, firewall and server security audits, social engineering exercises, security awareness programs etc.)
  • Perform threat intelligence analysis and investigations. Search on the darkweb and using other platforms such as RF to identify intelligence indicators or threats for a specific client
  • Create reports for threat intelligence as a service

Essential Skills

  • Experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments
  • Should have expertise on TCP/IP network traffic and event log analysis
  • Knowledge and hands-on experience with LogRhythm, QRadar, Arcsight, Mcafee epo, NetIQ Sentinel or any SIEM tool
  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management
  • Configuration and Troubleshooting experience on Checkpoint, Cisco, Fortigate, PaloAlto and Sonicwall firewalls would be an added advantage
  • Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products

Additional Desired Skills

  • Strong verbal and written English communication
  • Strong interpersonal and presentation skills
  • Ability to work with minimal levels of supervision
  • Willingness to work in a job that involves 24/7 operations

Education Requirements & Experience

  • Bachelors in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent University degree
  • Minimum of 8 to 10 years of experience in the IT security industry, preferably working in a SOC environment
  • Certifications: GCIH, CCNA, CCSP, CEH

Sthree UAE is acting as an Employment Business in relation to this vacancy.

Apply for this Job