BeyondTech
BeyondTech

Search Code

Experience:

Freshness of position:


Search Code

Requirement:   Cyber Security Manager
Job Description:   The primary objective of a SOC Analyst is to act as the first line of response regarding the potential
occurrence of a cyber-attack or security incident. Supported by the use of several automated tools such as
log correlation engines, SIEM, ticketing system, alerts and warning from both internal and external sources.
This service provided by the SOC Analyst involves receiving, triaging and responding to alerts, requests and
reports and analysing events and potential incidents and to provide primary support for incident
responders.
Triage involves assessing whether a security incident or the level of exposure of a vulnerability is a true or
false positive, tagging the vulnerability or incident with an initial severity classification and to activate the
corresponding incident response playbook entry. Another objective of this service is to follow pre-defined
procedures to perform technical tasks related to identity and access management.
SOC analyst Task List
The following table lists the tasks typically associated with a SOC Analyst Profile Level One. This list is not
exhaustive and may evolve in time, also depending on the type of assignment the analyst will be involved.
SOC Analyst Tasks
• Automatic-based processing (centralisation, filtering and correlation) of security events
• Triage based on verification, level of exposure and impact assessment
• Real-time monitoring of cyber defence and intrusion detection systems
• Human-based analysis of automatically correlated events
• Processing of incoming warnings, alerts and reports
• Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
• Open tickets and ensure case management
• Activate initial response plan based on standard playbook entries
• Maintain incident response address book
• Provide support to incident responders
• Advise affected users on appropriate course of action
• Monitor open tickets for incidents/vulnerabilities from start to resolution
• Escalate unresolved problems to higher levels of support, including the incident response and
vulnerability management specialist.
• Configure the SIEM components for an optimal performance•
Improve correlation rules to ensure that the monitoring policy allows an efficient detection of
potential incidents. For a new component to be monitored, this encompasses:
o Analysing risks and security policy requirements
o Translating them into technical events targeting the system components
o Identifying the required logs/files/artefacts to collect from the monitored system and,
if necessary, possible complementary devices to deploy
o Elaborating the relevant detection and correlation rules
o Implementing these rules in the SIEM infrastructure
o Configuring and tuning cyber-defence solutions
o Reviewing and improving the monitoring policy on a regular basis
• Integrate cyber-defence solutions for efficient detection
• Define dashboards and reports for reporting on KPIs.
• Produce qualified reports (including recommendations) or alerts to management and internal
stakeholders, follow-up on actions
• Contribute to the design of the overall monitoring architecture, in close relationship with the
customers/system owners, on the one hand, and the security operations engineering team,
on the other hand, by performing the following tasks:
o Assessment of security events detection solutions, development of solutions;
o Integration of these solutions within the security monitoring scheme (log collection
architecture, interoperability, formats, network aspects, ...);
o Deployment and validation of the solutions;
o Draft documentation such as architecture design descriptions, assessment reports,
configuration guides, security operating procedures
• Produce and maintain accurate and up-to-date technical documentation, including processes
and procedures (so called playbook), related to security incidents and preventive maintenance
procedures
• Management of identities and its related user accounts
• Management of groups, roles and other means of authorisation
• Solve incidents, requests and problem tickets from 1st Level Support or internal customers
related to identity and access management
• Maintain accurate documentation
• During security incidents, implement detection means to monitor attacker activities in real-
time
• During security incidents, support the incident response team in the review/analysis of
security logs and visualise the attack.• Integrate IOCs in security solutions
• Take an active part in developing and improving the maturity framework, and have it
understood and implemented by the team, by:

o Designing and drafting SOC processes and procedures framework
o Implementing SOC processes and procedures, deploy collaborative tools and
dashboards
o Coaching/training the Telecom Customer team on the processes, procedures and
tools
o Regularly auditing and reporting on maturity to the management
o Reviewing and improving the framework
Provide activity reports to management to demonstrate service SLA and service quality

If interested, please share your updated resume.
Job Location :   Oman
Required Experience :   10 to 15
Required Education :  
Job Posted on :   04-02-2019
Anchor :   Gita
Email ID :   gita@beyondtech.asia
Contact No :   +91-4442932900
Email Resume To :   gita@beyondtech.asia
     
   
Name * :
Email * :
Phone * :
Location :
Upload CV * :