Tier 3 SOC Analyst

Johannesburg, Gauteng
Senior level
Cloud • Information Technology • Internet of Things • Software • Business Intelligence
The Role
The Tier 3 SOC Analyst is responsible for detecting and remediating security incidents, providing guidance to lower-tier analysts, conducting root cause analyses, and overseeing the management of security incidents. This role requires in-depth knowledge of security technologies and incident response.

Why choose Logicalis?

It’s not just IT solutions, it’s IT global know-how! Logicalis is an international, multi-skilled solution provider offering digital enablement services that help customers harness digital technology and innovative services to deliver powerful business outcomes.

Our customers span industries and geographical regions, and our focus is to engage in the dynamics of our customers’ vertical markets, including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services. We apply the skills of our 4,500 employees to modernising key digital pillars: data centre and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernisation. We are advocates for our customers with some of the world’s leading technology companies, including Cisco, HPE, IBM, CA Technologies, NetApp, Microsoft, Oracle, VMware and ServiceNow.

Logicalis employees are innovative, smart, entrepreneurial and customer-centric, with a shared ambition of making Logicalis the world’s leading IT solutions provider!

We offer speedy decision-making, opportunities for personal development, and a supportive, inclusive environment that celebrates our diversity.

Join us and become a part of something epic!

ROLE PURPOSE

The Security Operations Centre (SOC) will provide defence against security breaches and actively isolate and mitigate security risks. The Tier 3 SOC Analyst forms part of the SOC team. The SOC team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC team includes the SOC Manager, SIEM Platform Manager, Case Manager, Tier 1 SOC Analysts, Tier 3 SOC Analysts, and Security Analysts. They work with IT operational teams to address security incidents and events quickly. The SOC team will provide the critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.

ROLE AND DELIVERY RESPONSIBILITIES:

The job role includes actively participating in the incident detection process as follows:

  • Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse analysis, as well as the functioning of specific applications or the underlying IT infrastructure
  • Acts as an incident “hunter,” not waiting for escalated incidents
  • Closely involved in developing, tuning, and implementing threat detection analytics
  • Acts as the escalation for Tier 1 and 2 SOC Analysts
  • Responds to and oversees the remediation of a declared security incident
  • Completes the Root Cause Analysis Report for P1 to P4
  • Provides guidance to Tier 1 and 2 SOC Analysts
  • Acts as Team Leader of Tier 1 and 2 SOC Analysts
  • Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack
  • Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager
  • Makes recommendations to the SOC Manager
  • Oversees the analysis on running processes and configs on affected systems
  • Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
  • Oversees the containment and recovery
  • Oversees the deep-dive incident analysis by correlating data from various sources
  • Validates if a critical system or data set has been impacted
  • Provides support for analytic methods for detecting threats
  • Conducts advanced triage based on defined run books of alerts
  • Undertakes threat intelligence research if need be
  • Validates false positives, policy violations, intrusion attempts, security threats and potential compromises
  • Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary
  • Further analyses alarms by method (e.g. compromised credentials) and by asset class
  • Based on the correlation rules and alarms within the SIEM and run books, further analyses anomalous tactics using the MITRE ATT&CK framework
  • Analyses event and process metadata in real time or retrospectively, and identifies suspicious files/scripts seen for the first time
  • Closes tickets in the SIEM platform; these are automatically created in ServiceNow
  • Manages security incidents using the SIEM platform and defined operational procedures
  • Performs further investigation of potential incidents, and escalates or closes events as applicable
  • Validates investigation results, ensuring relevant details are passed on to Tier 2 SOC Analysts for further event analysis
  • Closes out deeper analysis and review activities
  • Assists senior SOC staff with operational responsibilities

KEY PERFORMANCE INDICATORS:

KPIs

  • SIEM Security Appliance Operations Management
  • Support and Administration
  • Policy Management
  • Platform Monitoring
  • Standard Reporting
  • Service Level Management
  • Administration and configuration of various security platforms, including policy configuration
  • Integration of security platforms with the SIEM, and participation in security incident and event investigations and remediation
  • Ensure IT policies are met with regard to data security and integrity
  • Ensure IT policies are met with regard to network security

PERSON REQUIREMENTS:

EXPERIENCE:

  • Strong knowledge and experience working with SIEM solutions (QRadar, McAfee ESM, Azure Sentinel)
  • Proven experience with Office 365, Active Directory, SQL, Azure and Microsoft Exchange.
  • Strong knowledge and experience working with Linux Operating systems
  • Good knowledge and experience of TCP/IP networks, including LAN and various WAN technologies including wireless
  • Good experience working with Mimecast
  • Good experience working with Cofense PhishMe
  • Good experience working with Nessus or Qualys
  • Good understanding of the MITRE ATT&CK framework
  • Good understanding of the ITIL Framework.
  • Highly proficient with a support ticketing system, with experience in meeting SLA targets.
  • Familiarity with risk management and quality assurance control.
  • Excellent interpersonal skills and professional demeanor
  • Excellent verbal and written communication skills
  • Candidate must be eligible to obtain National Security Clearance

QUALIFICATIONS:

  • Grade 12
  • SIEM Technology certification
  • ITIL Foundation qualification
  • Degree or Diploma in Computer Technology
  • CompTIA A+, N+, S+
  • CompTIA CySA+ and CASP+ advantageous

ADDITIONAL SKILLS/ATTRIBUTES:

  • Advanced Microsoft Excel experience, specifically data interpretation
  • Good understanding of IT infrastructure
  • A high command of the English language both written and verbal is essential.
  • Self-motivated with the ability to work unsupervised.
  • Attention to detail
  • Punctuality
  • Excellent verbal and written communication skills
  • Ability to remain flexible and adapt to changing priorities with promptness, efficiency, and ease
  • Possess proficient analytical and decision-making skills
  • Demonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patterns
  • Proficient relationship-building skills; able to predict customer behaviour and respond accordingly
  • A strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach, committed to exceeding customer expectations
  • Good communicator with the customer environment
  • Dynamic but aware of the views and feelings of others
  • Able to operate as a good team player
  • Drive and energy
  • Demonstrate clear purpose, enthusiasm, and commitment

The Company
HQ: Maidenhead
6,500 Employees
On-site Workplace

What We Do

Logicalis is an international solutions provider of digital services currently accelerating the digital transformation of its 10,000 customers around the world.

Through a globally connected network of specialist hubs, sector-leading experts (in education, financial services, government, healthcare, manufacturing, professional services, retail and telecommunications) and strategic partnerships (including Cisco, Microsoft, HPE, IBM, NetApp, Oracle, ServiceNow, and VMware), Logicalis has more than 6,500 employees focused on understanding customer priorities and enhancing their experience.

As Architects of Change™, Logicalis’ focus is to design, support, and execute customers’ digital transformation by bringing together their vision with its technological expertise and industry insights. The company, through its deep knowledge of key IT industry drivers such as Security, Cloud, Data Management and IoT, can address customer priorities such as revenue and business growth, operational efficiency, innovation, risk and compliance, data governance and sustainability.
