CSOC Level 2 Analyst | Codersbrain

full-time
Posted on May 31, 2025

Job Description

Experience:

• C-SOC Level 2 Analysts are responsible for advanced incident response activities, comprehensive log analysis, and detailed incident reporting.
• Proficient in Malware Analysis and Threat Hunting.
• Skilled in utilizing tools to enhance the efficiency of Incident Response within a SOC.
• Experienced with THOR Scanner, VMRay, and Recorded Future Sandbox.
• Well-versed in Microsoft Security Products, including MS Defender for Endpoint, Cloud, Identity, AV, and MS Sentinel.
• Knowledgeable in Application, Cloud, and Infrastructure security, including Firewalls, Proxies, and Web Application Firewalls (WAF).
• Must be willing to provide support and be flexible to work in 24/7 rotational shifts, including weekends.

Technical Knowledge:

• Proficient in using advanced tools to detect and analyze sophisticated threats.
• Capable of conducting in-depth technical analyses of incidents, providing detailed technical information.
• Experienced in documenting and analyzing incident timelines and events.
• Skilled in reviewing and analyzing user access logs to identify unauthorized or suspicious activities.
• Proficient in analyzing email logs to trace phishing attacks, spoofed messages, and other email-related threats.
• Expertise in using SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and other security monitoring tools.
• Experienced in using sandbox environments to safely analyze and understand malware behaviour.
• Able to provide technical feedback to internal security teams.
• Strong analytical skills to interpret complex datasets and identify patterns indicative of security threats.
• Support mail security during incidents by collaborating with L3-Mail-Security and Mail Teams to address issues such as spoofed messages and other email threats.
• Skilled in refining and tuning alerting systems based on insights from incident investigations to reduce false positives and enhance detection capabilities.
• Responsible for maintaining and managing the SOC Knowledgebase, including playbooks, processes, and contacts.
• Collaborate with the Cyber Incident Response (CIR) Service for activation and incident management.