Long-term contract for an American company
A Tier 3 SOC Analyst serves as a critical escalation point and deeper investigation resource within the SOC structure. They are expected to possess a more advanced skillset and broader knowledge base than Tier 2 analysts, allowing them to handle more complex security incidents and contribute to proactive security measures.
I. Incident Investigation and Analysis
Advanced Alert Triage and Analysis
* Thoroughly investigate security alerts escalated from Tier 2 or directly generated by security tools.
* Reconstruct event timelines, analyze logs across multiple systems, and correlate disparate data points.
* Deeply understand the context of security incidents, including affected assets, business impact, and potential attack vectors.
* Differentiate between true positives, false positives, and potential false negatives.
* Provide actionable guidance to Tier 2 analysts and relevant teams on containment and remediation actions.
Complex Security Incident Handling
* Lead investigations for complex incidents, such as APTs, malware outbreaks, or significant data breaches.
* Perform malware analysis, including reviewing sandbox reports and identifying indicators of compromise (IOCs).
* Conduct network traffic analysis using tools like Wireshark to identify malicious activity.
* Perform endpoint forensic investigations using EDR tools to analyze process execution and registry modifications.
* Analyze logs across SIEMs, firewalls, and operating systems to identify advanced threats.
II. Threat Intelligence and Proactive Security
Threat Intelligence Utilization
* Actively consume and integrate threat intelligence into security investigations.
* Contextualize threats by identifying potential threat actors and their tactics, techniques, and procedures (TTPs).
* Participate in threat hunting activities based on threat intelligence and anomaly detection.
Detection Engineering and Improvement
* Tune and optimize detection rules in SIEM, IDS/IPS, and EDR tools to reduce false positives.
* Identify gaps in detection coverage and propose improvements.
* Develop new detection rules under the guidance of senior analysts.
III. Tooling, Technology, and Technical Proficiency
Advanced Security Tool Proficiency
* Proficiently use SIEM platforms for alert analysis, correlation, and reporting.
* Expertly leverage EDR tools for endpoint investigation, containment, and forensic analysis.
* Analyze firewall logs and contribute to rule tuning.
* Understand IDS/IPS principles and review alerts for suspicious activity.
Scripting and Automation
* Develop scripts in Python or PowerShell to automate security processes and data analysis.
IV. Collaboration, Communication, and Escalation
Collaboration with Tier 2 and Other Teams
* Provide guidance and mentorship to Tier 2 analysts.
* Communicate findings clearly to both technical and non-technical audiences.
* Escalate complex or high-severity incidents to the Incident Response Team with proper documentation.
V. Knowledge of Threat Actor Tools, Tactics, and Behavior
Understanding of TTPs
* Possess strong knowledge of common attack vectors (phishing, malware, web application attacks).
* Understand attacker methodologies across different attack stages (reconnaissance, initial access, persistence, etc.).
* Stay updated on emerging cyber threats and attack trends.