Duties and Responsibilities

• Collect and analyze threat intelligence reports covering new threats, vulnerabilities, products, and researchs.
• Review subscribed threat intelligence feeds and recreates custom ones.
• Create SIEM Detection use cases.
• Deliver Threat Intelligence reports.
• Update Cyber Castle’s TIP with IOCs.
• Track APTs activities and campaigns.
• Conduct Digital forensics and Incident response

Qualifications

• A bachelor’s degree in computer science, programming, or a related field
• Experience with python scripting language.
• Good understanding of STIX and TAXII.
• Good understanding of MITRE Framework TTPs.
• Familiar with SIEM Solutions such as Qradar or ELK Stack.
• Familiar with Digital forensics and Incident response.

SOC Analyst Tier 1 analysts are responsible for real-time monitoring of security alerts, doing triage on them, and deciding whether an alert is serious enough to be escalated to a Level 2 analyst. Level 1 analysts set rules for filtering out noise and determining which alerts get bubbled up to Tier 2 analysts.

Duties and Responsibilities

• Create tickets for incident alerts and prioritize, correlate and analyze events and incidents.
• Analyze security events to verify incidents and their potential impact and risk to the clients.
• Provide monitoring on shift-based, analyzing, and alerting of IT security events and incidents.
• Provide the data required to generate SOC reports and metrics.
• Eliminate false-positive events.

Qualifications

• A bachelor’s degree in computer science, programming, or a related field.
• Minimum 6 months experience working as SOC Analyst
• Experience in working with Qradar
• Experience with scripting languages such as Python, PowerShell, bash
• Good understanding for Networking

SOC Tier 2 analysts are responsible for drilling down into the alerts they receive from Level 1 and correlating them with other information to see if a security incident might have occurred and determine the appropriate responses. As part of this exercise, they understand the potential impact of the security incident on enterprise assets and help guide incident response.

Duties and Responsibilities

• Perform detailed analysis of incidents in order to gather more information about the incidents under investigation.
• Prepare and share incident analysis data to initiate a response to validated incidents by engaging required teams or resources to address the security incidents.
• Provide support during incident containment, investigation, eradication, and recovery.
• Create the use cases based on the threat Intelligence.
• Produce the standard and ad hoc reports in a timely manner.
• Develop and maintain the required dashboards which include details on KPIs, SLAs, and other relevant security metrics and details.

Qualifications

• A bachelor’s degree in computer science, programming, or a related field.
• Minimum one and half year experience working as SOC Analyst
• Good Experience in Incident Handling
• Good Experience in working with Qradar
• Good understanding of different log sources
• Experience with scripting languages such as Python, PowerShell, bash
• Experience in creating detection use cases
• Good understanding of MITRE framework
• Good understanding of Networking