Security Analyst - Level 2
- Mandaluyong, Metro Manila, Philippines
- Full time
Level 2 security analysts own the successful completion of all procedures executed while they are present in the SOC. They own the documentation and measurement of all subordinate procedures, as well as their continual improvement. They are also responsible for executing the information fusion procedure, in which various data inputs are fed to both operations and engineering to automate the detection of new indicators and to filter out conditions that are not actionable for the organization. These senior analysts gather information, collate it into an accessible format, and ensure it is fully disseminated. Level 2 analysts are responsible for the subtle event process: long-term analysis and deep-dive investigation of network activity. Specifically, the level 2 analyst will:
- Monitor level 1 analyst performance by investigating incoming events using SOC-available tools.
- Ensure level 1 event(s) are addressed in a timely manner using available reporting and metrics.
- Approve and, if necessary, further investigate level 1-escalated events.
- Mentor level 1 analysts to improve detection capability within the SOC.
- Manage SOC event and information intake to include gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary.
- Serve as detection authority for initial incident declaration.
- Function as shift subject-matter experts (SMEs) on incident detection and analysis techniques, providing guidance to junior analysts and making recommendations to organizational managers.
- Drive and monitor shift-related metrics processes ensuring applicable reporting is gathered and disseminated per SOC requirements.
- Conduct security research and intelligence gathering on emerging threats and exploits.
- Serve as a backup analyst for any potential coverage gaps to ensure business continuity.
- Advanced knowledge of networking and network security.
- Analyse HTTP/HTTPS traffic via log data for security events and hardware, software, or network issues.
- Participate in projects specific to Security Operations Center roadmap
- Perform security incident analysis and recommend remediation steps
- Communicate via phone, email, chat with customer support teams and contacts
- Work escalations from SOC analysts to completion in ticket tracking system
- Able to apply anomaly detection concepts using thresholds and statistics derived from more advanced analysis.
- Understanding of DLP engine, rule sets, and operations
- Can perform basic DLP tuning procedures based on findings
- Experience configuring OS specific host policies to identify, monitor, and alert on data, file, and system changes
- Demonstrated knowledge and experience conducting forensic investigations and solid understanding of evidence, chain of custody, and its application to security operations
- Good communication skills (written, verbal, presentation).
- Ability to provide relevant and timely analysis and recommendations to customers based on analysis of events from a SIEM platform
- Ability to provide technical and service leadership to L1 and other L2 analysts
- Ability to consistently deliver to deadlines while prioritising competing demands for time, without sacrificing quality
- Professional, hard-working, and attentive to detail.
- Good understanding of ITIL processes, including Change Management, Incident Management and Problem Management
- Willingness to share information, to improve documentation, and train other analysts
- Willing to work on shift rotation.