Teamware Solutions is seeking a dedicated SOC Support L2/L3 Analyst to join our Security Operations Center. You'll be a critical part of our cybersecurity team, responsible for advanced threat detection, incident response, and in-depth analysis of security events, ensuring the continuous protection of our infrastructure and data. This role demands strong analytical skills and a proactive approach to cybersecurity threats.
Key Responsibilities
- Perform advanced security monitoring and analysis of security events from various sources (SIEM, EDR, network logs, etc.) to detect and identify potential threats, intrusions, and anomalies.
- Lead incident response activities for complex security incidents (e.g., malware outbreaks, phishing campaigns, unauthorized access), from initial triage and containment to eradication and recovery.
- Conduct in-depth forensic analysis on compromised systems to determine root causes, attack vectors, and impact.
- Develop and refine SIEM correlation rules, alerts, and dashboards to enhance threat detection capabilities.
- Provide L2/L3 support for security incidents, acting as an escalation point for junior analysts and guiding their investigations.
- Research emerging threats, vulnerabilities, and attack techniques, and propose proactive mitigation strategies.
- Create detailed incident reports, post-mortem analyses, and remediation plans.
- Collaborate with IT, network, and application teams to implement security controls and improve overall security posture.
Qualifications
- Proven experience in a Security Operations Center (SOC) role at the L2 or L3 level.
Skills Required:
- Strong expertise in SIEM platforms (e.g., Splunk ES, Microsoft Sentinel, IBM QRadar, Elastic SIEM) for security event monitoring, correlation, and analysis.
- Hands-on experience with Incident Response methodologies and tools.
- Proficiency in network security concepts (firewalls, IDS/IPS, VPNs), endpoint security (EDR/XDR), and cloud security principles.
- Solid understanding of common attacker tactics, techniques, and procedures (TTPs), including the ability to map them to the MITRE ATT&CK framework.
- Experience with forensic analysis tools and techniques for host and network forensics.
- Knowledge of scripting languages (e.g., Python, PowerShell) for automation and analysis.
- Excellent analytical, problem-solving, and communication skills to articulate complex security issues.
- Relevant cybersecurity certifications (e.g., CompTIA CySA+, GIAC GCIH or GCFA, CEH, Microsoft SC-200 or SC-900).
Preferred Skills:
- Experience with cloud security monitoring in platforms like AWS, Azure, or GCP.
- Familiarity with threat intelligence platforms and frameworks.
- Knowledge of compliance standards (e.g., ISO 27001, NIST, GDPR).
- Experience with vulnerability management and penetration testing concepts.