The SOC analyst is part of KL SOC team engaged in continues security monitoring, lightweight incident response and cyber threat hunting. This position is 1nd tier of monitoring team.
- Analyze security events from endpoints (Windows, Mac, Linux), Network IDS, Web-proxies, Mail-gateways, Active Directory infrastructure
- Detect and investigate information security incidents
- Propose Incident response actions and remediation plan.
- Identification of potential vectors of attacks, develop detection methods of these attacks by existing technological solutions
- Adjust detection logic to fit Customer needs (filter out false positives, customize correlation rules, etc)
- Communicate with Customers regarding detected incidents and suspicious activities.
- Practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future
- Understanding of the methods, tools and processes to respond to information security incidents
- Experience in network traffic and log-files analysis from various sources
- Knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response
- Knowledge of network protocols, the architectures of modern operating systems and information security technologies
- Experience in work with ELK stack is welcome
- Certifications (Offensive Security, GIAC) are welcome