Security Operations Centre (SOC) Analyst

Key Responsibilities

1. Incident Detection and Analysis:

• Conduct deep-dive analysis on security incidents, assessing root causes, and recommending solutions.
• Proactively monitor and respond to security alerts, managing incident escalation and resolution processes.
• Prepare detailed reports and document incidents to support future analysis and security measures.

2. SIEM Administration and Rule Fine-Tuning:

• Oversee SIEM configurations, including tuning rules to optimize alerting and reduce false positives.
• Conduct SIEM platform upgrades, troubleshoot performance issues, and ensure platform availability.
• Collaborate with IT teams to integrate new data sources into SIEM and enhance visibility.

3. System and Network Security:

• Perform continuous monitoring and analysis across Windows and Linux systems and network infrastructures.
• Utilize tools for traffic analysis, anomaly detection, and threat identification.
• Support configurations and policies within the IT and network environment to strengthen security.

4. ELK Stack and Beats Agent Management:

• Manage and troubleshoot ELK Stack components (Elasticsearch, Logstash, and Kibana) to ensure seamless data flow.
• Perform regular maintenance and troubleshooting of beats agents, ensuring reliable log ingestion and parsing.

5. Security Policies and Compliance:

Contribute to policy updates, ensuring adherence to organizational and industry compliance standards.

Document and enforce security controls aligned with best practices and regulatory requirements.

Skills and Qualifications

Education: Bachelors degree in Information Security, Computer Science, or a related field.

Experience:

Minimum of 5+ years in SOC operations or a similar cybersecurity role.

Proven experience in SIEM administration, incident analysis, and configuration fine-tuning.

Proficiency in monitoring and troubleshooting Windows and Linux systems and managing network security protocols.

o Hands-on experience with the ELK Stack, with expertise in troubleshooting beats agents.

Technical Skills:

Familiarity with SIEM tools (e.g., Splunk, QRadar) and network protocols.

Strong command of incident response processes, security frameworks, and best practices.

Knowledge of communication protocols and system integrations for data protection.

Certifications (preferred): CISSP, CompTIA Security+, CEH, or similar security certifications.

Competencies

Strong analytical skills with attention to detail.

Excellent verbal and written communication abilities.

Ability to work independently and collaboratively in a fast-paced environment.

Additional Preferred Skills

Knowledge of regulatory compliance standards.

Experience in using EDR solutions.

Ability to document processes and create incident playbooks.

This role offers an opportunity to work on advanced cybersecurity initiatives within a dynamic SOC environment, contributing to enhanced organizational security.

Keywords

SIEM administration ,incident analysis ,configuration fine-tuning, Windows ,Linux, network security protocols ,ELK Stack, troubleshooting beats agents ,Splunk,Qradar ,EDR solutions ,Cybersecurity*

Mandatory Key Skills

SIEM administration, incident analysis ,configuration fine-tuning, Windows, Linux,network security protocols,ELK Stack ,troubleshooting beats agents, Splunk, Qradar ,EDR solutions, Cybersecurity*