SOC Monitoring Associate (CPX)
Overview:
To triage and analyze alerts raised by cybersecurity detection tools deployed onsite or remotely, and escalate those that require further action to the Senior SOC Analyst.
Ability to handle high-pressure and complex situations.
Ability to work on shift 24x7.
Responsibilities:
• Examine network topologies to understand data flows through the network.
• Use SOC tools for continual monitoring and analysis of system activity to identify malicious activity.
• Identify network mapping and operating system fingerprinting activities.
• Continuously monitor SIEM events/alerts to identify any anomalies.
• Perform event correlation using information gathered from a variety of sources within the organization to gain situational awareness and determine the effectiveness of observed attacks.
• Detect incidents by monitoring the SIEM console, rules, reports, and dashboards.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
• Report confirmed incidents as per the incident management process.
• Notify the Senior SOC Analyst of suspected/anomalous events for further analysis.
• Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Monitor the health of the SIEM tool and report any issues/incidents/malfunctions to the SOC SIEM administrator.
• Assist the Senior SOC Analyst and other security specialists in incident investigation and workflow.
• Assist the Senior SOC Analyst and internal team in incident detection and resolution.
• Communicate and provide necessary information to external teams for timely incident resolution.
• Knowledge of the incident handling process.
• Knowledge in recognizing and categorizing types of vulnerabilities and associated attacks.
• Work on shift 24x7.
• Collaborate and build relationships with internal parties to support SOC operations.
• Self-motivated, curious, and knowledgeable about information security news and current events.
• Ability to build relationships and interact effectively with internal parties.
• Good analytical, technical, written, and verbal communication skills.
• Comfortable with a high-tech work environment and constantly learning new tools and innovations.
• Good working knowledge of Office tools.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injection, race conditions, covert channels, replay, return-oriented attacks, malicious code).
• Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
• Knowledge of hacking methodologies in Windows or Unix/Linux environments, and of surveillance and penetration testing principles, tools, and techniques (e.g., Metasploit, NeoSploit).
• Knowledge of programming language structures and logic.
• Knowledge of web mail collection, searching/analyzing techniques and tools, cookies, and web technology.
• Knowledge of malware and malware analysis tools (e.g., OllyDbg, IDA Pro).
• Knowledge of virtual machine-aware malware, debugger-aware malware, and packing.
• Knowledge of types and collections of persistent data and of basic concepts and practices of processing digital forensic data.
• Knowledge of forensic processes for seizing and preserving digital evidence (e.g., chain of custody).
• Knowledge of Cyber Threat Intelligence, Endpoint Protection, Security Orchestration, and Automation technologies.
Qualifications:
Any cybersecurity certification is a plus
A Bachelor's Degree in Computer Science or Information Technology (any area).
Overall 3+ years' experience working in a large-scale IT environment focusing on Information Security.
- Minimum 3 years' experience in Information and Cyber Security.
- Minimum 3 years' experience with SIEM technologies.
Requirements
- Knowledge of incident handling processes
- Ability to recognize and categorize types of vulnerabilities and associated attacks
- Knowledge of system and application security threats (e.g., buffer overflow, XSS, SQL injection)
- Knowledge of system files (log files, registry files, configuration files)
- Knowledge of hacking methodologies in Windows or Unix/Linux environments
- Good working knowledge of Office tools
- Good analytical, technical, written, and verbal communication skills
- Ability to work on shift 24x7
Responsibilities
- Examine network topologies to understand data flows
- Use SOC tools for continual monitoring and analysis of system activity
- Identify network mapping and operating system fingerprinting activities
- Continuously monitor SIEM events/alerts to identify anomalies
- Perform event correlation to gain situational awareness and determine attack effectiveness
- Detect incidents by monitoring the SIEM console, rules, reports, and dashboards
- Provide timely detection and alerts of possible attacks/intrusions
- Report confirmed incidents as per the incident management process
CPX offers digital transformation and IT services. The company serves businesses looking to enhance their technological capabilities.