Inspira Enterprise
SOC L2 & L3 Analyst
Inspira Enterprise | United Arab Emirates | posted 6 hours ago
Full-time | Information Technology

For both L3 Senior SOC Analyst and L2 SOC Analyst:

  • Threat Hunting: Proactive identification of advanced threats, anomalies, and malicious activity within the bank's network and systems.

  • Incident Response (IR): Participation in the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident review.

  • Alert Fine-Tuning: Continuous optimization of detection rules and reduction of false positives across the security tooling (e.g., SIEM, EDR, IDS/IPS).

  • Coordination: Seamless coordination and communication with various internal teams within the bank (e.g., IT Operations, Application Development, Infrastructure, Business Units) during security incidents and daily operations.

  • Management Reporting: Preparation of clear, concise, and actionable reports for management on security incidents, threat intelligence, SOC performance, and project status.

  • Log Source Validation: Proper onboarding, configuration, and validation of security log sources into the SIEM (Splunk) so that monitoring coverage is complete.

  • Splunk Expertise: Advanced proficiency in Splunk for security monitoring, dashboard creation, query optimization, and data analysis.

Specific to L3 Senior SOC Analyst:

  • SOC Vendor Management: Acting as a primary liaison with various SOC technology vendors, managing relationships, ensuring service level agreements (SLAs) are met, and driving product enhancements.

  • Strategic Input: Providing strategic input on the SOC roadmap, technology selection, playbooks, and process improvements.

  • Mentorship: Mentoring and guiding junior SOC analysts.

Resource Requirements and Qualifications

The vendor must provide resources that meet the following minimum qualifications:

4.1 L3 Senior SOC Analyst (1 Resource)

  • Experience: Minimum of 7-10 years of dedicated experience in a Security Operations Center (SOC) environment, with at least 3-5 years in a senior or lead role.

  • Expertise:
  • Demonstrable expertise in advanced threat hunting methodologies and techniques.
  • Proven experience in managing SOC vendors, including contract negotiation, performance monitoring, and issue resolution.
  • Extensive experience in leading and executing complex incident response activities.
  • Deep understanding of SIEM (Splunk preferred) alert correlation, rule creation, and optimization.
  • Strong background in financial services industry cybersecurity.
  • Experience onboarding and analysing application and database (DB) logs.
  • Experience developing application-level detection use cases.

  • Technical Skills:
  • Advanced Splunk expertise (Splunk Enterprise Security experience highly desirable).
  • Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis.
  • Extensive experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) platforms.
  • Familiarity with various security technologies (e.g., Cloud Security, Vulnerability Management).

  • Certifications (Highly Preferred): CISSP, SANS GIAC certifications (e.g., GCIH, GCFA, GNFA, GDAT), OSCP.

  • Soft Skills: Excellent communication, leadership, problem-solving, and analytical skills. Ability to work effectively under pressure.

4.2 L2 SOC Analyst (1 Resource)

  • Experience: Minimum of 3-5 years of dedicated experience in a Security Operations Center (SOC) environment.

  • Expertise:
  • Solid experience in performing threat hunting activities.
  • Hands-on experience in incident detection, analysis, and initial response.
  • Experience in fine-tuning security alerts and managing SIEM rules.
  • Understanding of log source integration and validation processes.
  • Background in financial services industry cybersecurity.

  • Technical Skills:
  • Proficiency in Splunk for security monitoring and basic query writing.
  • Hands-on experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) tools.
  • Familiarity with common security tools and technologies.

  • Certifications (Preferred): CompTIA Security+, CySA+, Splunk Core Certified User/Power User.

  • Soft Skills: Strong analytical, communication, and teamwork skills. Eagerness to learn and adapt.
