SOC Analyst L3

Key Accountabilities

• Should have experience of 10 years in SOC and 5 years in Azure Sentinel.
• Ensure the Customer’s operational and production environment remains secure at all the times and any threats are raised and addressed in a timely manner.
• Critical incident handling & closure.
• Escalation management and handling escalations from L2 Analysts.
• Proactive discovery of threats based on MITRE ATT&CK framework.
• Deep investigation and analysis of critical security incidents.
• Post breach forensic incident analysis reporting.
• Review the weekly and monthly reports.
• Review new use cases created by L2 and implement in cloud-native SIEM (Security Information and Event Management).
• Assist with customer onboarding (such as use case development, identifying data sources, configuring data connectors etc)
• Advanced threat hunting.
• Develop custom dashboards and reporting templates.
• Develop complex to customer specific use cases.
• Advanced platform administration.
• Solution recommendation for issues.
• Co-ordinate with vendor for issue resolution.
• Basic and intermediate playbook and workflow enhancement.
• Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
• Develop the custom parsers for the incident and alert enrichment.
• Problem specific playbook and workflow creation and enhancements
• Required to work flexible timings.

Skills & Experience

• Existing experience as a Security Operations Analyst, or equivalent.
• Experience of working in large scale, public cloud environments and with using cloud native security monitoring tools such as:
• Microsoft Sentinel
• Microsoft 365 Defender
• Microsoft Defender for Cloud
• Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint.
• Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco.
• Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.
• Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Office
• Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec
• 
  

Nice to have skills/experience includes:

• Google Cloud Platform (GCP) security tools such as Chronicle and Security Command Centre
• Amazon Web Services (AWS) security tools such as Security Hub, AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail
• Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis.
• Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
• Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
• Experience with scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell.
• Experience with DevOps practices and tools such as Backlogs, Repo’s, Pipelines, Artifacts, CI/CD, JIRA, Azure DevOps, CircleCI, GitHub Actions, Ansible and/or Jenkins.
• Computer science, engineering, or information technology related degree (although not a strict requirement)
• Holds one, or more, of the following certificates (or equivalent): -
• Certified Information Security Systems Professional (CISSP)
• Microsoft Certified: Azure Security Engineer Associate (AZ500)
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• CREST Practitioner Intrusion Analyst (CPIA)
• CREST Registered Intrusion Analyst (CRIA)
• CREST Certified Network Intrusion Analyst (CCNIA)
• Systems Security Certified Practitioner (SSCP)
• Certified Cloud Security Professional (CCSP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Operations Certified (GSOC)
• A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail.
• A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture.
• Highly organised and detail oriented. Ability to prioritise, multitask and work under pressure.
• An individual who shows a willingness to go above and beyond in delighting the customer.