SOC L2

3 weeks ago


Cairo, Egypt | MigrationIT | Full time

**Job Information**:

- Industry: Banking
- Work Experience: 4-5 years
- Salary: 30000 to 35000
- City: Cairo
- State/Province: Al Qahirah
- Country: Egypt
- Zip/Postal Code: 11311

**Responsibilities**:

The Level 2 SOC Analyst evaluates incidents escalated by tier 1 analysts, uses threat intelligence such as updated detection rules and indicators of compromise (IOCs) to pinpoint affected systems and the extent of an attack, analyzes running processes and configurations on affected systems, and carries out in-depth threat intelligence analysis to identify the perpetrator, the type of attack, and the data or systems impacted.

- Research, analysis, and response for alerts, including log retrieval and documentation
- Research, analysis, and response for alerts; including log retrieval and documentation
- Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
- Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
- Recognize cyber attacks based on their signatures, differentiate false positives from true intrusion attempts, and help remediate/prevent cyber attacks
- Compile detailed investigation and analysis reports for internal CSOC consumption and delivery to management
- Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs
- Analyze malicious campaigns and evaluate effectiveness of security technologies
- Develop advanced queries and alerts to detect adversary actions
- Lead response and investigation efforts into advanced/targeted attacks
- Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses
- Provide expert analytic investigative support of large scale and complex security incidents
- Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient Security Operations
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed

**Requirements**:

- BSc is a must, MSC is preferable.
- 3-5 years’ experience working within the information security field
- Good communication skills (English, Arabic)
- Good working knowledge of:
  - TCP/IP stack
  - Networking protocols and technologies, e.g. TCP/IP, firewalls, routers, etc.
  - Security principles, techniques and technologies
  - The technical aspects of information security
  - Server platforms (UNIX, Windows, etc.), networking, and security (firewalls, IDS/IPS, proxy systems, etc.)
- Direct prior experience with QRadar is preferred.
- Prior experience as a SOC Analyst ideally working within a Computer Incident and Response Team (CIRT)
- Preferred certifications (CISSP, GIAC GREM/GCIH/GCIA/GCFA) are a strong asset
- Proficiency in scripting languages (Python, shell, etc.)
- Proficient in preparation of reports, dashboards and documentation.

**Skills**:

- Ability to handle high-pressure situations with key stakeholders.
- Working knowledge of and experience with MS Office.