IT, Telecom, Internet
14 avenue Mohamed Khemisti, Dar El Beida 16012, Dar El Beida, Algeria
Website
Workplace
Algiers, Algeria
Business sector
IT, Telecom, Internet
Expiry date
13 January 2025
Position level
Experienced
Number of positions
1 open position
Education level (degree)
Bachelor's (LMD), Bac + 3 | Master's, Engineering degree, Bac + 5
Position Responsibilities
1. Incident Handling:
• Handle security incidents escalated by the SOC monitoring team.
• Perform in-depth analysis and investigation of security incidents to determine root cause and impact.
• Coordinate with other security teams on incident resolution and remediation.
2. Threat Detection and Analysis:
• Monitor security alerts and logs to identify potential security incidents.
• Apply advanced threat detection techniques to identify and analyze security threats.
• Investigate suspicious activity and anomalies within the network and systems.
3. Incident Response:
• Participate in the full incident response lifecycle: detection, containment, eradication, and recovery.
• Develop and maintain incident response playbooks and procedures.
• Assist in developing and running incident response exercises and simulations.
4. Documentation and Reporting:
• Document every security incident, including investigation findings, actions taken, and lessons learned.
• Prepare detailed incident reports, including recommendations to prevent recurrence.
5. Collaboration and Communication:
• Work closely with the SOC monitoring team, providing guidance and support during incident investigations.
• Communicate clearly with stakeholders on the status and impact of security incidents.
6. Continuous Improvement:
• Identify areas for improvement in SOC processes, tools, and technologies.
• Participate in evaluating and implementing new security tools and technologies.
Personnel Qualification Requirements
1. Education:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
2. Work experience:
A minimum of 4 years of experience in a security operations or similar role, including incident handling and response.
3. Certifications:
Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or similar are preferred.
4. Working Conditions:
May require providing 24/7 on-call coverage. Ability to work under pressure and respond promptly to high-severity incidents.
Personal Skill Requirements
1. Technical Skills:
Security Technologies:
• In-depth knowledge of SIEM tools and other security technologies.
• Familiarity with intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection.
Network Security:
• Understanding of network protocols, architecture, and security.
• Experience in network monitoring and threat detection.
System Administration:
• Knowledge of operating systems (Windows, Linux) and system configuration.
• Experience in server management and virtualization technologies.
2. Cybersecurity Knowledge:
Threat Detection:
• Advanced understanding of cyber threats, including malware, phishing, ransomware, and advanced persistent threats (APTs).
• Familiarity with attack vectors and the tactics, techniques, and procedures (TTPs) used by threat actors.
Incident Response:
• Proficiency in the incident response lifecycle: detection, containment, eradication, and recovery.
• Experience conducting in-depth analysis, triage, and escalation of security incidents.
Threat Intelligence:
• Ability to leverage threat intelligence sources to improve detection and response capabilities.
• Understanding of threat intelligence platforms and frameworks (e.g., MITRE ATT&CK).
3. Analytical and Problem-Solving Skills:
Log Analysis:
• Expertise in analyzing logs from varied sources (network devices, servers, applications) to identify anomalies and potential security incidents.
Forensic Analysis:
• Advanced understanding of digital forensics and the ability to conduct forensic investigations.
Root Cause Analysis:
• Ability to perform root cause analysis to determine the origin and impact of security incidents.
Company type
Multinational