Performs analysis duties, including:
- Development of Data Dictionaries for log sources to confirm which fields and values are needed or useful for Security Monitoring
- Review of available logs to confirm there are adequate quantities and content to usefully provide Security Monitoring
- Triage SIEM alerts to determine False Positive, Incident, or Technology Misconfiguration
- Perform research at the request of Incident Response teams
- Recognize IoCs on networks and host machines.
- Have basic desktop support skills in Windows and Unix environments (ex. password and log locations)
- Configuring and reading packet captures such as Wireshark.
- Provide technical and thought leadership within SOC by:
- Teaching other SOC Analysts about both traditional and unconventional ways to detect, analyze, and mitigate security incidents and other anomalies
- Regularly recommending new SOC practices and approaches to address program improvement
- Perform case management activities to ensure successful BAU Security
- Monitoring Operations, including:
- Documenting case activities in the system of record
- Documenting current case notes sufficient for effective shift handover, as well as reviewing current status via phone call or in person
- Engaging in all forms of communications (e.g. phone calls, instant-messaging, web page updates) to ensure cases are efficiently investigated by all approved parties, regardless of what company, department, or team they are a member of
- Familiarity with handling of digital evidence (chain of command)
- Author Standard Operating Procedures (SOPs), such as:
- Incident detection use caseneeds, logic, and implementation methods
- use casealert triage workflows
- Training documentation
- Recommending, then implementing approved program improvements
- Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure.
- Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms.
- Consults with the business and operational infrastructure personnel regarding new and existing technologies.
- Recommends new security tools to management and reports and provides guidance and expertise in their implementation.
- Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.
- Ensures that all significant security concerns are addressed.
- Recommends course of action to mitigate risk and ensures that appropriate standards are established and published.
- Contributes to the achievement of area objectives
