IT Services

Purpose of the role:

The Senior Security Operations Centre (SOC) Analyst assists in deploying, maintaining, tuning, monitoring, and managing security tools related to the Security Operations Centre. The Senior SOC Analyst functions as a Level 2 (Tier 2) analyst and acts as a mentor to other members of the team. The Tier 2 SOC Analyst reviews alerts from Level 1 analysts, network security devices, the security information and event management (SIEM) platform and other tools as needed; works with other analysts to collect, correlate, and analyse security-relevant data; and responds to threats in a timely manner. This position reports to the SOC manager.


Role and responsibilities:

  • Work with alerts from the Tier 1 SOC Analysts to perform in-depth analysis and triage of network security threat activity based on computer and media forensics, malicious code analysis, and protocol analysis.
  • Assist with the development of incident response plans, workflows, and Standard Operating Procedures.
  • Monitor and manage the SIEM infrastructure.
  • Monitor the service ticket board and ensure tickets are managed and responded to in line with the SLA.
  • Review and fine-tune false-positive incidents.
  • Provide feedback and automate common recurring tasks.
  • Develop and implement detection use cases.
  • Be responsible for managing own time and assigned tasks.
  • Carry out ticket management tasks regularly and promptly.
  • Run the weekly call with customers on the developed KPIs.
  • Take minutes of customer meetings and present them to the team lead afterwards.
  • Adhere to a strict change management process.
  • Create and review monthly reports with analysis.
  • Continuously assess the current state of security monitoring and recommend enhancements to SOC security processes, procedures and policies.
  • Review and collect asset data (configs, running processes, etc.) on affected systems for further investigation within the SLA timelines.
  • Determine and direct remediation and recovery efforts.
  • Participate in evaluating, recommending, implementing, and troubleshooting responses to security incidents.
  • Document and maintain customer build documents, security procedures and processes.
  • Stay up to date with emerging security threats, including applicable regulatory security requirements.
  • Participate in the on-call rotation for after-hours security and/or engineering issues.
  • Perform customer security assessments.
  • Other responsibilities and additional duties as assigned by the security management team.
  • Communicate effectively with customers, teammates, and management.
  • Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of an attack.
  • Troubleshoot scripts used for internal processes.
  • Review vulnerability scans and send vulnerability assessment reports.
  • Proactively research client network traffic and system activity, looking for security anomalies and suspicious activity.
  • Perform Advanced Persistent Threat correlation across multiple security event sources such as firewall logs, threat intelligence feeds, AV, IDS, IPS, and EDR solutions.
  • Provide mentoring to other members of the Security Operations Centre team.


Essential Skills:

  • Strong problem-solving skills, critical thinking, excellent analytical ability, strong judgment, and the ability to deliver high performance and high levels of customer satisfaction in a matrix-managed environment
  • Experience with SIEM technology, preferably IBM QRadar
  • Device knowledge such as firewalls, IPS/IDS, routers/switches
  • Security certifications (CISSP, CISM, GIAC certs) preferred
  • ITIL V3 certified


Education and experience:

  • 2+ years of experience working in a Security Operations Centre with a Security Incident & Event Management (SIEM) platform to correlate events across several devices.
  • Strong understanding of network devices such as Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), firewalls, network packet capture tools, and file integrity monitoring tools.
  • Proficient knowledge of incident prevention, detection and response tools.
  • Knowledge of network and server security products, technologies, and protocols.
  • Requires a background in at least 2 of the following domains: hacking and incident response; network forensics; security engineering; security analysis and investigations.