Description
The scope of services and deliverables is detailed below:
- Reinforce the L2 team in the Security Operations Centre (SOC)
- Review and analyse the alerts raised by Level 1 (L1): triage, first-level analysis and investigation of security alerts
- Tune the Use Cases (UCs) applied to the log sources
- Communicate with internal customers to tune the UCs and to understand their context
- Test and validate newly developed Use Cases
- Improve the tooling, continuously looking for optimisation and efficiency of SOC detection
Skills required
- Security knowledge
- Knowledge of security tools: IDPS, firewall, proxy, DDoS protection, WAF, AV, EDR, VPN, IAM
- Knowledge of security methodology: ISO 27xxx (ISO/IEC 27000 series)
- Knowledge of current security threats
- SOC experience
- Good experience in security analysis and in understanding security threats and attack scenarios
- Knowledge of SIEM tools (ArcSight or any other SIEM)
- Excellent analytical skills
Field experience
- Strong experience in IT operations
- Team spirit
- Good communication skills
- Customer-oriented mindset
English
- Very good written and spoken English (international context)
Experience
- 3 years in security with SOC/SIEM experience
Expected deliverables
- Review of the tickets processed, for all tickets falling under the analyst's responsibility, in respect of time and quality (channel: email and/or ticketing tool)
- Create/manage tickets for the tuning of UCs for the perimeter the analyst is accountable for
- Deliver minutes of tuning meetings with customers
- Deliver design and specifications for new UCs
- Deliver/update guidelines for the L1 (channel: ticketing tool)
- Deliver documentation for all improvement activities; all activities must be documented in the SOC repository