SOC Analyst L2

5-7 Years
SGD 4,000 - 5,000 per month
  • Posted a month ago

Job Description

SOC Analyst L2/RE is an operational role focused on ticket quality and deeper investigation of security incidents. The analyst is responsible for handling incidents escalated by the Level 1 team within SLA.

Responsibilities:

  • Work closely with the SOC L1 team, the L3 team and the customer; perform deeper analysis, join the daily client calls and take ownership of handling True Positive incidents on time.
  • Handle escalated incidents and coordinate with the client when required.
  • Work closely with Client Duty Officers on any ad-hoc operational requests.
  • Collaborate with the Exabeam, Splunk and Log Source teams to resolve issues as needed.
  • Take appropriate action on IOCs received from the client when required.
  • Fine-tune existing detection rules and create new ones based on client requests.
    o Create and manage the incident handling playbook, process runbooks and ad-hoc documents whenever needed.
    o Recommend fine-tuning to the client, including the detection logic and threshold and, where possible, the SIEM query itself.
    o Recommend new use cases, including the detection logic and threshold and, where possible, the SIEM query itself.
  • Provide data from Splunk/Exabeam during client audit activities.
  • Share monthly data with the client for internal IMM meetings.
  • Share the top user-reported malicious emails from Abnormal Security for reward and recognition programs.
  • Prepare RCA reports when required.
  • Share knowledge with other analysts on their roles and responsibilities.
  • Provide knowledge transfer to L1, such as advanced hunting techniques, guides and cheat sheets.

Requirements:

  • Minimum 5 years of experience in Security Operations.
  • Security event monitoring, alert triage, and thorough incident investigation.
  • Research and understand log sources for effective security monitoring.
  • Isolate issues, respond to incidents, and mitigate threats swiftly.
  • Tune SIEM rules to improve alert fidelity and incident specificity.
  • Optimize SIEM capabilities, support audit and logging requirements, and generate timely reports.
  • Develop and maintain security operation standards, procedures, and playbooks.

SOC, SIEM Platforms, Splunk, Exabeam, SOAR platform, Google SecOps, Log Source, Security Operations


Job ID: 134130871