SOC Analyst Tier 3

Johannesburg, South Africa

Job Type

Permanent

About the Company

We are currently looking for a SOC Analyst Tier 3

About the Role

The Security Operations Centre will provide defense against security breaches and actively isolate and mitigate security risks. The Tier 3 SOC Analyst forms part of the security operations centre SOC team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, Tier 1 SOC Analysts, Tier 3 SOC Analyst, and Security Engineers. They work with IT operational teams to address security incidents and events quickly. The SOC Team will provide a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.

Requirements

ROLE AND DELIVERY RESPONSIBILITIES

The job role includes actively participating in the incident detection process as follows

  • Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse Analysis, as well as the functioning of specific applications or underlying IT infrastructure

  • Acts as an incident “hunter,” not waiting for escalated incidents

  • Closely involved in developing, tuning, and implementing threat detection analytics

  • Acts as the escalation for Tier 1 and 2 SOC Analysts

  • Responds to and oversees the remediation of a declared security incident

  • Completes the Root Cause Analysis Report for P1 to P4

  • Provides guidance to Tier 1 and 2 SOC Analysts

  • Act as Team Leader of Tier 1 and 2 SOC Analysts

  • Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack

  • Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager

  • Make recommendations to the SOC Manager

  • Oversees the analysis on running processes and configs on affected systems

  • Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted

  • Oversees the containment and recovery

  • Oversees the deep-dive incident analysis by correlating data from various sources

  • Validates if a critical system or data set has been impacted

  • Provides support for analytic methods for detecting threats

  • Conducts advanced triage based on defined run books of alerts

  • Undertakes threat intelligence research if need be

  • Validates false positives, policy violations, intrusion attempts, security threats and potential compromises

  • Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary

  • Further analyses alarms by method e.g. credentials compromised and by asset class

  • Based on the correlation rules and alarms within the SIEM and run books, further analyses anomaly tactic using the MITRE ATT&CK framework

  • Hunts for threats via advanced EDR features with IOC and YARA indicators - across Windows, macOS, and Linux systems

  • Analyses event and process metadata in real-time or retrospectively, and identify suspicious files/scripts seen for the first time

  • Closes tickets in the SIEM platform – this would be automatically created into Service Now

  • Manages security incidents using the SIEM platform and defined operational procedures

  • Performs a further investigation of potential incidents, and escalate or close events as applicable

  • Validates investigation results, ensuring relevant details are passed on to Tier 2 SOC Level 2 for further event analysis

  • Closes out deeper analysis and review activities

  • Assist senior SOC staff with operational responsibilities


KEY PERFORMANCE INDICATORS

KPI’s

  • SIEM Security Appliance Operations Management

  • Support and Administration

  • Policy Management

  • Platform Monitoring

  • Standard Reporting

  • Service Level Management

  • Various Security platforms administration and configuration, policy configuration

  • Security platforms with SIEM integration and participate in the security incident and event investigations and remediation

  • Maintain and Secure Active Directory

  • Create and Maintain GPOs’

  • Ensure IT policies are met with regards to data security and Integrity

  • Ensure IT policies are met with regards to network security

  • Maintain and Manage Azure Active Directory Connect

  • Maintain and Manage Active Directory Federation Services (ADFS)

  • Monitoring of Active Directory and Domain Controllers


PERSON REQUIREMENTS

EXPERIENCE

  • Strong knowledge and experience working with SIEM Solutions, QRadar, McAfee ESM, Azure Sentinel

  • 3 to 5 years’ experience in IT Infrastructure Support, and a further 2 to 3 years’ track record as a Tier 3 SOC Analyst or Threat Hunter (Red Teaming) in an established SOC

  • Advanced knowledge of networks technologies (protocols, design concepts, access control)

  • Advanced knowledge of various security technologies (firewalls, web gateway, endpoint protection, vulnerability management, network infrastructure, etc.)

  • Advanced IT infrastructure technical and problem-solving skills

  • Good experience working with Mimecast

  • Good experience working Cofense PhishMe

  • Good experience working with Nessus or Qualys

  • Good understanding of the MITRE ATT&CK framework

  • Good understanding of the ITIL Framework.

  • Good report writing skills. PowerBI or QlikView

  • Brilliant with a support ticketing system and experience in meeting SLA targets.

  • Familiarity with risk management and quality assurance control.

  • Excellent interpersonal skills and professional demeanour

  • Excellent verbal and written communication skills

  • Candidate must be eligible to obtain National Security Clearance


QUALIFICATIONS

  • Grade 12

  • SIEM Technology certification

  • MCSE, MCSA.

  • ITIL Foundation qualification

  • Degree or Diploma in Computer Technology

  • CompTIA A+, N+ S+

  • CNNA or equivalent

  • CompTIA CySa and CASP+ advantageous


ADDITIONAL SKILLS/ATTRIBUTES:

  • Advanced Microsoft Excel experience, specifically data interpretation

  • Good understanding of IT infrastructure

  • A high command of the English language both written and verbal is essential.

  • Self-motivated with the ability to work unsupervised.

  • Attention to detail

  • Punctuality

  • Excellent verbal and written communication skills

  • Ability to remain flexible and adapt to changing priorities with promptness, efficiency, and ease

  • Possess proficient analytical and decision-making skills

  • Demonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patterns

  • Proficient relationship building skills – predict customer behavior and respond accordingly

  • A strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach, committed to exceeding customer expectations

  • Good communicator with the customer environment

  • Dynamic but aware of the views and feelings of others

  • Able to operate as a good team player

  • Drive and Energy

  • Demonstrate clear purpose, enthusiasm, and commitment