2.1.CSOC Analyst L2 –

Responsible to triage operating system related cyber security incidents as a member of Security

Operations Center incident responders’ team second line.

Performs deep-dive incident analysis by correlating data from various sources; determines if a critical

system or data set has been impacted; advises on remediation; provides support for new analytic

methods for detecting threats.

* Proactively monitoring the operating systems alert queue using multiple tools, such as SIEM,

EDR and custom-built system monitoring tools;

* Conducting triage of alerts to identify potential, false positives, policy violations, intrusion attempts

and compromises on the system level;

* Consolidating data from alert triage to provide context necessary to escalate Tier 3 Analyst;

* Escalate to Tier 3 Analyst with all necessary data for deeper analysis and review;

* Collecting evidences on operating system level for Incident analysis;

* Advises on remediation;

* Supporting operating system related security controls management;

* Supporting operating system related threat detection analytics;

Should have good knowledge of security tools and skills as follows:

* Knowledge about MS Windows and UNIX based systems

* Knowledge TCP/IP version 4 and version 6

* Manual testing skills

* Automation testing skills

* Technical writing skills

* Problem solving skills and attention for detail

* Malware analysis sandboxing solution, Security Event and Incident Monitoring System (SIEM),

Orchestration tool and playbook response concept, Endpoint Detection and Response tool

(EDR), Anti-malware systems, Intrusion Detection and Prevention Systems, Firewalls.

Required industry certificates:

* ECC CEH – Certified Ethical Hacker - in good standing

* some of SANS, GIAC, ISACA, (ISC)2 certificates or trainings - in good standing

Recommended industry certificates:

* SANS, GIAC, ISACA, (ISC)2