DTICI_CSOC L3 Specialist_T7 | Codersbrain

full-time
Posted on April 30, 2025

Job Description

Short Description for Internal Candidates

Expertise:

  • Level 3 Analysts are tasked with advanced incident response activities, including comprehensive malware analysis, in-depth log analytics, and detailed incident reporting.
  • Strong experience in malware analysis and threat hunting.
  • Usage of tools to make incident response in the SOC more efficient.
  • Experience with THOR Scanner, VMRay and Recorded Future Sandbox.

Description for Internal Candidates

Technical Knowledge:

·       Usage of advanced tools to detect and analyse advanced threats.

·       In-depth technical analysis of incidents, providing detailed technical information on each incident.

·       Detailed analysis and documentation of the incident timeline and events.

·       Reviewing and analysing user access logs to identify unauthorized or suspicious activities.

·       Analysing email logs to trace phishing attacks, spoofed messages and other email-related threats.

·       Proficiency in using SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and other security monitoring tools.

·       Check malware with a sandbox: using sandbox environments to safely analyse and understand malware behaviour.

·       Provide (technical) feedback to requests from internal security teams.

·       Strong ability to analyse complex datasets and identify patterns indicative of security threats.

·       Support for mail security during incidents: collaboration with L3-Mail-Security and the Mail Team, working closely with email security teams to address issues such as spoofed messages and other email threats during incidents.

·       Alert tuning for incidents.

·       Refining and tuning alerting systems based on insights and feedback from incident investigations to reduce false positives and enhance detection capabilities.

·       Setting up of SOC Knowledgebase: Maintaining and managing the CSOC's knowledge base, which contains all the important information such as playbooks, processes, contacts, and more.

·       Activation of and collaboration with the CIR Service: in case of a severe incident, the CIR Service can be activated to provide support in resolving the incident.

Responsibilities for Internal Candidates

  • Incident Response Management: Coordinate the response to security incidents, from identification to resolution.
  • Incident Management: Development and implementation of incident management processes.
  • Escalation management: Escalation of serious security incidents to senior management and relevant stakeholders.
  • Coordination and communication: Collaborate with internal teams and external partners to ensure effective incident response.
  • Lessons learned: Conducting post-incident analyses and identifying opportunities for improvement.
  • Documentation and reporting: Documentation of all steps and decisions during incident response as well as creation of reports.
  • Continuous improvement: Monitoring and evaluating the effectiveness of incident response processes and implementing improvements.

Qualifications for Internal Candidates

A Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, Information Security, Cybersecurity, or a related field is required.