Senior Level - SOC Detection Analyst

Key Responsibilities:

• Advanced Security Event Analysis & Triage:
• Perform in-depth analysis and triage of escalated security events from tools such as SIEM, IDS/IPS, and EDR.
• Correlate data from various sources to validate security incidents and provide actionable intelligence.
• Determine the scope and impact of incidents and document findings clearly for incident response teams.
• Detection Rule Development & Optimization:
• Develop and fine-tune detection rules, alerts, and dashboards within the SIEM platform to improve detection capabilities.
• Analyze and optimize existing detection logic based on trends, intelligence, and best practices to reduce false positives.
• Stay updated on emerging threats and attack techniques to proactively develop new detection strategies.
• Threat Intelligence Integration:
• Leverage threat intelligence feeds to enrich security event analysis and correlate with internal data to identify indicators of compromise (IOCs).
• Contribute to the development of threat profiles and attack scenarios tailored to the organization's specific needs.
• Incident Escalation & Collaboration:
• Serve as a point of escalation for complex or high-severity events.
• Collaborate with incident responders, threat hunters, and other teams to provide critical analysis during incident handling.
• Provide mentorship and technical guidance to junior analysts during the triage and analysis stages.
• Security Tooling & Technology Expertise:
• Maintain expertise in the organization's security tools and infrastructure to ensure optimized functionality.
• Troubleshoot and address issues related to security monitoring tools and contribute to their optimization.
• Evaluate and recommend new security technologies or enhancements for improved detection and response capabilities.
• Development of Knowledge and Procedures:
• Contribute to developing and maintaining SOC knowledge base articles, standard operating procedures (SOPs), and playbooks.
• Share insights, knowledge, and best practices through mentorship and training of other SOC analysts.
• Proactive Threat Hunting Support:
• Collaborate with threat hunters to provide insights from analysis, identifying focus areas for proactive investigations.
• Assist in the execution of threat hunting methodologies based on real-time security data and analysis findings.
• Reporting & Metrics:
• Contribute to the development of key performance indicators (KPIs) for detection effectiveness.
• Prepare and present reports on detection trends, alert volumes, and findings to stakeholders and leadership.

Mandatory Skills:

• SIEM (Security Information and Event Management) expertise.
• Hands-on experience with IDS/IPS, EDR, and other security tools.
• Ability to develop and optimize detection rules and alerts in SIEM platforms.
• Strong knowledge of threat intelligence integration and IOCs.
• Experience in incident response and escalation management.
• Advanced analytical and troubleshooting skills to identify and assess security events.

Desired Skills:

• Familiarity with emerging cybersecurity trends and attack techniques.
• Experience with security automation tools or methodologies.
• Ability to collaborate across teams and provide mentorship to junior analysts.
• Expertise in reporting and creating metrics for security operations.