SOC Analyst L1/L2

SOC Analyst (Level 1)

• Experience in monitoring SIEM (Dashboards, Alerts and Notifications) for Security Incidents

• Understanding of Classify / Segregate incidents into appropriate categories based on severity and type

• Experience in taking actions based on incident severity (follow incident response plan, if any) such as:

• Raise Incident ticket in Ticketing Tool

• Notify system owners and relevant technology towers

• Notify the Next level SOC Team for further actions

• Escalate security incidents according to the incident response escalation procedure.

• Perform Preliminary Analysis: Trace and gather details related to the alert/notification

• Document the SOC ticket with observed details

• Determine, document and report false positives based on SOC Knowledge Base (KB);

• Provide resolution steps or work-around for low priority incidents

• Track SOC tickets related issues

• Verify logging and reporting of integrated devices on periodic basis

• Verify the up-time, health and status of all managed or monitored devices

SOC Analyst (Level 2)

Deeper understanding in performing further analysis on the ticket and provide suitable solutions to remediate the alert observed

• Collaborate with other technology towers to remediate the Security Incidents

• Document corrective and preventive actions for all IT Security Incidents in the SOC KB

• Perform Event Source Integration with SIEM tool

• Track vendor support issues for deployed devices and update and maintain the tracker.

• Provide security advice to ensure that the Change Requests are implemented in the most secure manners

• Collaborate with different towers to decide on patches & vulnerability remediation steps when a new vulnerability is discovered

• Act as technical lead on SOC shifts and SOC technical projects that are outside the scope of normal shift responsibilities

• Train newly hired SOC Analysts on SOC policies, process and procedures

• Ensure all SOC tickets and ticket related issues are closed as per the SLA

• Verify and audit security incidents for proper categorization and actions taken.

• Provide inputs to Senior SOC Specialist for SIEM tool enhancements and fine tuning

• Ensure all security/SOC reporting requirements are fulfilled on time.