
CSOC Level 2 Analyst: | Codersbrain

full-time
Posted on May 2, 2025

Job Description

CSOC Level 2 Analyst:

Expertise:

- Well-versed in Microsoft Security Products, including MS Defender for Endpoint, Cloud, Identity, AV, and MS Sentinel.
- Knowledge of Incident Response frameworks (NIST, MITRE ATT&CK, Cyber Kill Chain).
- C-SOC Level 2 Analysts are responsible for advanced incident response activities, comprehensive log analysis, and detailed incident reporting.
- Skilled in utilizing tools to enhance the efficiency of Incident Response within a SOC.
- Experience with THOR Scanner, VMRay, and Recorded Future Sandbox is a plus.
- Knowledgeable in Application, Cloud, and Infrastructure security, including Firewalls, Proxies, and Web Application Firewalls (WAF).
- Must be willing to provide support and be flexible to work in 24/7 rotational shifts, including weekends.

Technical Knowledge:

- Proficient in using advanced tools to detect and analyze sophisticated threats.
- Capable of conducting in-depth technical analyses of incidents, providing detailed technical information.
- Experienced in documenting and analyzing incident timelines and events.
- Skilled in reviewing and analyzing user access logs to identify unauthorized or suspicious activities.
- Proficient in analyzing email logs to trace phishing attacks, spoofed messages, and other email-related threats.
- Expertise in using SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and other security monitoring tools.
- Experienced in using sandbox environments to safely analyze and understand malware behavior.
- Able to provide technical feedback to internal security teams.
- Strong analytical skills to interpret complex datasets and identify patterns indicative of security threats.
- Support mail security during incidents by collaborating with L3-Mail-Security and Mail Teams to address issues such as spoofed messages and other email threats.
- Skilled in refining and tuning alerting systems based on insights from incident investigations to reduce false positives and enhance detection capabilities.
- Responsible for maintaining and managing the SOC Knowledgebase, including playbooks, processes, and contacts.
- Collaborate with the Cyber Incident Response (CIR) Service for activation and incident management.
