  • Job reference: RMS0225020

L2 SOC Analyst

  • Sector: IT
  • Location: Saudi Arabia
  • Job type: Contract
  • Date posted: 06/05/2020
  • Duration: 1 year
  • Closing date: 17/06/20

The Role:
The SOC Threat Response Analyst role is part of the Client SIC team. Candidates in this role will be responsible for conducting incident response operations according to documented procedures and industry best practices. Candidates in this role must have excellent communication skills and be able to interact with executive levels throughout the company. Must have extensive experience in multiple security areas such as SIEM, EDR, IDS, APT, and WAF. Candidates will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SIC team. Ideal candidates should have extensive experience in Linux and Windows operating systems as well as having a deep knowledge of networking and attack methods. Must display enthusiasm and interest in Information Security.

Standard Job Requirements
  • Provide initial investigation of security incidents
  • Provide communication and escalation throughout the incident per the Incident Response process
  • Communicate directly with data asset owners and business response plan owners during high severity incidents
  • Hunt for suspicious or anomalous activity based on alerts or data outputs from toolsets such as SIEM and EDR
  • Perform analysis of log files
  • Provide first responder forensics analysis and investigation
  • Drive containment strategy during data loss or breach events
  • Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
  • Work directly with data asset owners and business response plan owners during high severity incidents
  • Tune IDS, proxy policy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems
  • Provide tuning recommendations to administrators based on findings during investigations or threat information reviews
Technical Competencies
  • Strong analytical and problem-solving skills
  • Knowledge of network security zones, firewall configurations and IDS policies
  • Knowledge of systems communications from Layer 1 to 7
  • Experience with network and network security tools administration
  • Knowledge of log formats and ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes
  • In-depth experience with log search tools such as QRadar, including regular expressions and natural language queries
  • In-depth knowledge of packet capture and analysis
  • Experience with security assessment tools (NMAP, Nessus, Metasploit, Netcat)
  • Experience with an EDR tool such as Carbon Black Response to carry out incident detection and response
  • Ability to create a containment strategy and execute it

Training, Qualifications, and Certifications
Preferred:
  • Security Essentials - SEC401 (optional GSEC certification)
  • Intrusion Detection In Depth - SEC503 (optional GCIA certification)
  • Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)
Recommended:
  • Hacker Guard: Security Baseline Training - SEC464
  • Advanced Security Essentials - SEC501 (optional GCED certification)
  • Perimeter Protection In Depth - SEC502 (optional GCFW certification)
  • Securing Windows and Resisting Malware - SEC505 (optional GCWN certification)
  • Securing Linux/Unix - SEC506 (optional GCUX certification)

About Fircroft:
Fircroft has been placing people in specialist technical industries for over 50 years, focusing on mid to senior level engineers for contract and permanent roles worldwide. By applying for this job you give consent for Fircroft to contact you, via email & telephone, to discuss your application along with future positions and Fircroft's services.

Fircroft is registered as a Data Controller with the Information Commissioner as required under the General Data Protection Regulation 2016/679. Fircroft will only process your personal data for the specific purposes of managing your application.
