For Level 2 Monitoring Analysts we are describing their overall requirements like this:
Monitoring SIEM systems to detect IT security incidents in Stefanini's client environments.
Incident Management:
Incident investigation and diagnosis: analyzing the cause of the incident, selecting a solution/escalation path.
Routing incidents to the correct groups: detailed review of incidents, logging detailed analysis in the ticket. Routing the ticket to the correct group, ensuring communication, and following up within the group.
Tracking the resolution of the incident and providing regular updates to users or representatives regarding the progress/closure of the incident.
Supporting the incident management process, proposing new processes, and developing solutions to improve efficiency.
Responding to requests via email and other electronic means for technical support.
Continuous improvements:
Performing manual alert correlations in accordance with predefined procedures and project/client-specific requirements.
Advising on repeatable processes demonstrated within the company and the IT group.
Offering guidance in defining KPIs, deliverables, and/or metrics for services, processes, and technologies.
Conducting root cause analysis and providing recommendations: regular review of incidents, grouping them by cause, and suggesting measures to reduce/eliminate incidents.
Working in alignment with SLAs for the daily operations of the monitoring team.
Documenting procedures used to resolve issues for future reference.
Assisting junior colleagues with project onboarding and providing technical support when needed.
Offering technical recommendations to the client to mitigate risks and/or actions to be taken to prevent the spread of detected threats.
Proactively searching for potential cyber threats in allocated systems and recommending actions for their prevention.
Creating rules and policies on IT systems based on client/employer requirements.
Actively participating in advanced cybersecurity discussions/meetings and improving technical and non-technical skills, while contributing to company activities aimed at achieving proposed objectives.
Enhancing the quality and level of services offered through technical advice, technical analysis, or resolving cybersecurity vulnerabilities.
Creating daily/weekly/monthly operational reports, as requested by the client/employer, regarding status, statistics, and results achieved by the team and/or personal work.
Job Requirements
Details:
Key Responsibilities
Monitor security alerts, logs, and SIEM dashboards to detect threats and vulnerabilities.
Investigate and respond to security incidents, including malware, phishing, and intrusion attempts.
Perform vulnerability assessments and assist with remediation efforts.
Support implementation and maintenance of security tools such as firewalls, IDS/IPS, EDR, and SIEM solutions.
Conduct security monitoring, reporting, and documentation.
Assist with security audits, risk assessments, and compliance activities.
Collaborate with IT and engineering teams to strengthen security controls.
Required Skills & Qualifications
Bachelor's degree in Cyber Security, Computer Science, IT, or a related field.
2-5 years of experience in information security or security operations (SOC).
Strong understanding of networking fundamentals, protocols, and security concepts.
Experience with SIEM tools (Splunk, QRadar, Sentinel, etc.).
Knowledge of threat detection, incident response, and vulnerability management.
Familiarity with operating systems (Windows, Linux) and security monitoring tools.
Strong analytical, problem-solving, and communication skills.
Stay updated on emerging threats, attack techniques, and security best practices.
Preferred / Good-to-Have
Security certifications such as CEH, Security+ or equivalent.
Experience with cloud security (AWS, Azure, or GCP).
Knowledge of scripting for automation (Python, PowerShell).
Understanding of compliance frameworks (ISO 27001, SOC 2, NIST).
Experience working in SOC or Blue Team environments.
