Security Operations Center Analyst

The Cyber Security Analyst will report to the SOC Manager who will coordinate his activities with the rest of the SOC team. He/she will perform and participate to security events investigations, follow standardized SOC processes and provide security event analyses for incident remediation activities.

Key responsibilities

• Work as a member of the SOC team to identify, prioritize and respond to security incidents.
• Actively monitor and support internal and external systems cybersecurity platforms, liaising with colleagues as necessary
• Compile standardized incident notification reports identifying potential risks / threats
• Adhere to pre-defined KPIs regarding incident analysis and notification
• Follow specific information security controls and policies
• Undergo security platform trainings, internal procedures and industry certification trainings as part of the onboarding process
• Perform enrichment activities using different Threat Intelligence platforms, sandboxes and other additional relevant security tools.
• Work with customers/partners to guide them through different detections and alerts.
• Work with customers/partners during the incident response process.
• Provide customers/partners guidance on best practices and remediation.
• Conduct analysis on the output of ProActive Hunt platform including host and network-based detections.
• Proactively search for signs of malicious activities within th monitored infrastructure

Requirements

• Willingness to work in shifts (24/7/365)
• The candidate should have the ability to perform host and network-based security event analysis that includes reviewing running processes, network connections, file system activity, system logs etc.
• The candidate should have a good understanding of TTP in use by attackers, such as the MITRE Att&ck framework or equivalent.
• Good understanding of Windows and Linux server environments including commonly configured roles and related technologies, such as web, database, domain services, etc.
• The candidate should have basic knowledge about SIEM, EDR and XDR security platforms, and a some understanding of different detections, rules and correlations.
• The candidate should be able to perform multiple tasks, quickly react and adapt in complex uncertain environments and manage multiple cases simultaneously.
• The candidate should have good communication and presentation skills.
• The candidate must be able to determine the severity of security alert notifications and required escalation / investigation flows
• The candidate is expected to determine the root cause of potential cybersecurity incidents, based on security alerts starting points
• The candidate must be able to triage false positive detections regarding security events
• The candidate is expected to document (in brief or in full) the result of work performed, based on the type of task
• The candidate is expected to stay up to date with changes in technology and trends in cybersecurity attacks to be able to detect and/or prevent them

Education and Experience:

• Bachelor's Degree in Computer Science or Information Security, or a related field (or equivalent professional experience)
• One year or more experience with SIEM, EDR or XDR platforms operation – or alternate fields of Security Monitoring, Security Operations and similar domains
• Certifications: CompTIA Security+, Analyst+, Blue Team Level 1, CySa+, CEH, or similar certifications are advantageous, but not mandatory.
• Technical experience: basic exposure to SIEM, IPS/IDS, EDR/XDR, firewalls and/or other security controls technology
• Basic or higher understanding about identifying and investigating security incidents and understanding current threat landscapes and attack techniques.
• Excellent attention and focus on cybersecurity relevant details, such as artifacts, indicators of compromise and alert investigation / pivoting and drill down
• Strong cross-functional collaboration skills
• Good knowledge and understanding of cybersecurity risk concepts and principles, as a means of relating business needs to security controls.
• Good knowledge of mainstream operating systems: Windows and Linux, and security technologies including host-based security tools.
• Knowledge of core network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts as well as network traffic analysis tools.
• Communication Skills: Strong communication skills and the ability to work effectively within a team.
• Language Skills: Very good English skills are required.