The SOC analyst is part of the KL SOC team engaged in continuous security monitoring, incident response and cyber threat hunting.

Principal Responsibilities
- Analyze security events from endpoints (Windows, Mac, Linux), network IDS, web proxies, mail gateways and Active Directory infrastructure
- Detect and investigate information security incidents
- Propose incident response actions and a remediation plan
- Identify potential attack vectors and develop methods for detecting these attacks with the existing technological solutions
- Adjust detection logic to fit customer needs (filter out false positives, customize correlation rules, etc.)
- Communicate with customers regarding detected incidents and suspicious activities
Mandatory skills
- Practical experience in the identification and investigation of information security incidents, and in developing recommendations to prevent similar incidents in the future
- Understanding of the methods, tools and processes used to respond to information security incidents
- Experience in analyzing network traffic and log files from various sources
- Knowledge of current threats and vulnerabilities, typical attacks on information systems and the tools used to carry them out, as well as methods for detecting and responding to them
- Knowledge of network protocols, the architecture of modern operating systems and information security technologies
Other requirements
- Experience working with the ELK stack is welcome
- Certifications (Offensive Security, GIAC) are welcome