Tier 3 SOC Analyst (Incident Management)

Halian


Date: 9 hours ago
City: Riyadh
Contract type: Contractor
Job Title: Tier 3 SOC Analyst (Incident Management)

Location: Riyadh, Saudi Arabia

Employment Type: Contract

Role – Tier 3 SOC Analyst (Incident Management)

Location - Qatar

Contract - 10 months, extendable

Job summary:

Candidates in this role will be responsible for conducting incident response operations according to documented procedures and industry best practices. Candidates must have excellent communication skills and extensive experience in multiple security areas such as SIEM, EDR, NDR, IDS, APT, and WAF. Candidates will be required to participate in multiple intelligence communities and should be able to disseminate pertinent information throughout the SOC. Ideal candidates should have extensive experience in Linux and/or Windows operating systems and have deep knowledge of networking and attack techniques. Candidates must display enthusiasm and interest in Information Security.

Standard job requirements

  • Work as a part of the SOC team
  • Operate as a first point of escalation for Tier 2.
  • Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets.
  • Review and build new operational processes and procedures.
  • Provide first-responder forensics analysis and investigation.
  • Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs).
  • Work directly with data asset owners and business response plan owners during low and medium severity incidents.
  • Provide advice on the tuning of security controls such as proxy policy and in-line malware tools, based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
  • Develop SOC use cases and provide tuning recommendations to administrators based on findings during investigations or threat information reviews.
  • Perform threat hunting based on threat intelligence received from the CTI team.
  • Lead response actions for incidents where CIRT is not required to intervene (low/medium priority).
  • Perform administrative tasks per management request (ad hoc reports/trainings).

Functional and Technical Competencies

Must have:

  • Passion and drive to work with the potential of significant growth in scope and services
  • Good logical and analytical skills to help in the analysis of security events/incidents
  • Experience with network security zones and firewall configurations
  • In-depth knowledge of TCP/IP
  • Knowledge of systems communications from OSI Layer 1 to 7
  • Experience with systems administration, middleware, and application administration
  • Experience with network and network security tools administration
  • Experience with log search tools, usage of regular expressions, and natural language queries
  • Knowledge of log formats and the ability to aggregate and parse log data (syslog, HTTP logs, and DB logs) for investigation purposes
  • Ability to create a containment strategy and execute it
  • Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
  • Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attacks, etc.) and attack techniques

Nice to have:

  • Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
  • Knowledge of MITRE ATT&CK and TTPs
  • Advanced network packet analysis/forensics skills

Training, Qualifications, And Certifications

Preferred:

  • Graduate degree or equivalent
  • Minimum of 5+ years of experience in information security
  • 2+ years of prior experience in a similar position
  • CEH certified
  • SEC511: Continuous Monitoring and Security Operations training
  • SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling training
  • SANS FOR500 series training
  • Advanced Security Essentials – SEC501 (optional GCED certification)
  • Perimeter Protection In-Depth – SEC502 (optional GCFW certification)

Desired:

  • CISSP, GIAC Reverse Engineering Malware (GREM), Offensive Security Certified Expert, GIAC Certified Forensic Examiner (GCFE), GIAC Penetration Tester (GPEN), CCIE Security, Certified Digital Forensic Examiner (CDFE)
