L2 SOC Analyst (MSSP)

Be among the first applicants.
HexaPrime
United Arab Emirates
AED 60,000 - 100,000
3 days ago
Job description

Job Role Overview:

We are seeking capable, motivated, and technically proficient Level 2 Security Operations Center (SOC) Analysts to join our dynamic Managed Security Service Provider (MSSP) team. This role is ideal for experienced SOC Analysts who bring substantial expertise in SOC operations, advanced threat analysis, and proactive security practices. We are looking for professionals with strong hands-on experience in SIEM tools, endpoint security, threat hunting, and incident response frameworks.

Expertise in:

  1. SIEM platforms (LogRhythm, Gurucul, IBM QRadar), including deployment and ongoing updates
  2. Experience in developing playbooks (D3 SOAR)
  3. Creation of SIEM detection rules and code-level detection rules (Sigma Rules)
  4. Development of use cases (unlimited)
  5. Creation and integration of playbooks (unlimited) and customer-specific parsers
  6. Enhancement of SOC policies and procedures
  7. Integration related to DESC (Dubai Electronic Security Center) and DCI (Dubai Cyber Index)
  8. Establishing a baseline and customization based on the customer environment, addressing attack techniques aligned with MITRE
  9. Ability to manage and lead SOC team activities and operations.

Job Description:

  1. Responsible for interpreting and analyzing alerts from detection systems, security intelligence devices such as IDS and IPS, firewall logs, application logs, network flow data, and other pertinent sources.
  2. Conduct end-to-end security incident triage, notify the appropriate team, and provide contextual information for attack mitigation and remediation.
  3. Take ownership of security incidents until they are resolved and initiate the corresponding escalation process.
  4. Perform a comprehensive analysis of security data to identify control weaknesses and gaps, and make recommendations for mitigation.
  5. Responsible for utilizing available threat hunting tools and methodologies and providing feedback for improvements to drive change. Additionally, monitor detection capabilities and team performance on an operational basis.
  6. Conduct an ongoing threat hunting campaign service aligned with CUSTOMER requirements and cyber threat intelligence, with assistance from the onsite threat hunting team.
  7. Collaborate with Security Delivery teams to develop necessary tools and capabilities to gather, process, and interpret large volumes of log and event data.
  8. Create and maintain documentation, supporting controls and quality assurance in accordance with the organization's standards.
  9. Responsible for managing the data and knowledge collected, consumed, and generated by CUSTOMER services.
  10. Develop highly extensible and scalable SIEM content services that can be integrated into a wide range of cybersecurity use cases.
  11. Configure and fine-tune detection systems to accurately identify threats and relevant alerts from the infrastructure.
  12. Create, review, and validate daily compliance reports to monitor business-as-usual and out-of-policy activities.
  13. Collaborate with CUSTOMER's Cybersecurity Incident Response Team and Threat Hunting Team to identify and implement content improvements.
  14. Provide input into the overall CUSTOMER security services architecture and governance model.
  15. Offer technical oversight, standardization, and validation of the effectiveness of CUSTOMER content services.
  16. Utilize capability modeling to align systems strategy and planning with business strategy and goals.
  17. Review the existing CUSTOMER systems architecture, identify gaps, and work with relevant teams to enhance the productivity of CUSTOMER systems.
  18. Consult with CUSTOMER architecture teams to determine when modifications to the technical architecture are necessary to accommodate infrastructure and security needs.
  19. Participate in documenting developed content, architecture, and analysis work.
  20. Coordinate with internal department owners to initiate integrations with CUSTOMER systems and provide relevant information and integration guidance.
  21. Monitor and maintain integrations with log sources to meet operational SLAs for coverage.
  22. Develop a consolidated list of telemetry and asset information that will serve as a reference for target integrations and coverage, breaking it down by source type (e.g., security systems, OS, applications, etc.) and assigning relevant priorities to each asset.

Certification:

  1. GIAC Certifications (GCIH, GCIA, GCFA)
  2. CISSP/CISM or CISA
  3. Certified Ethical Hacker (CEH)
  4. CompTIA Security+

Essential Soft Skills:

  1. Strong analytical, problem-solving, and critical thinking skills.
  2. Effective communication and presentation skills to articulate technical details clearly.
  3. Ability to handle stress and high-pressure situations, prioritizing multiple tasks effectively.
  4. Continuous learning attitude, adaptability, and proactive approach to cybersecurity.