Purpose of the role:
The Senior Security Operations Centre (SOC) Analyst assists in deploying, maintaining, tuning, monitoring, and managing security tools related to the Security Operations Centre. The Senior SOC Analyst will function as a Level 3 analyst and act as a mentor to other members of the team. The Level 3 SOC Analyst will review alerts from Level 2 analysts and from Arkphire Security network security devices, security information and event management (SIEM) and other tools as needed; work with other analysts to collect, correlate, and analyse security-relevant data; and respond to threats in a timely manner. This position reports to the SOC Manager.
Role and Responsibilities:
- Performance and power modelling and evaluations of existing and future designs
- Defining and evaluating SIEM software and firmware optimisations
- Workload & benchmark definition and development
- Lead consulting engagements focused on the assessment, design, and implementation of enterprise-scale QRadar solutions
- Build, operate, develop and maintain a SIEM infrastructure.
- Provide architecture-level design to support and operate Security Information and Event Management (SIEM) or Security Event Management (SEM) best practices
- Design SIEM to meet growth while maintaining the balance between performance, stability, and agility.
- Manage customer expectations, onboard data into SIEM support projects in multi-site or clustered SIEM installations
- Assist with the development of advanced reports to meet the requirements of key stakeholders.
- Conduct research in areas driven by customer use cases; architect and support the systems used to configure and deploy enterprise SIEM log management solutions; and develop automation for security tools management.
- Assist with the automation, deployment, integration, and testing of enterprise systems and services and create and optimize Big Data correlations
Service Delivery Responsibilities:
- Carry out quarterly audits of the SIEM infrastructure for all customers
- Act as project lead and ensure all SIEM projects are delivered in line with customer expectations and best practices
- Provide input to technical estimates created with standard tools, portfolio Work Breakdown Structures, statements of work and industry-standard estimating techniques.
- Provide mentoring to other members of the Security Operations Centre team
- Design and deploy vulnerability management and remediation
- Will be required to work on customer sites from time to time.
Essential Skills:
Strong problem-solving skills, critical thinking, excellent analytical ability, strong judgment and the ability to deliver high performance and high levels of customer satisfaction in a matrix managed environment.
- Experience with SIEM technology, preferably IBM QRadar
- Knowledge of network devices such as firewalls, IPS/IDS, routers and switches
- Security certifications (CISSP, GIAC certs) preferred
- ITIL V3 certified
Education and Experience:
- 4+ years of experience working in Security Operations Centre with a Security Incident & Event Management (SIEM) to correlate events across several devices.
- Strong understanding of network devices such as Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), firewalls, network packet capture tools, and file integrity monitoring tools.
- Proficient knowledge in incident prevention, detection and response tools
- Knowledge of network and server security products, technologies, and protocols
- Requires a background in at least 2 of the following domains: hacking and incident response; network forensics; security engineering; security analysis and investigation