SOC Monitor

Position Responsibilities

1.Monitoring and Analysis:
•Continuously monitor security events using various security information and event management (SIEM) tools.
•Analyze logs and alerts from different sources to identify potential security threats and incidents.

2.Incident Response:
• Respond to security incidents, including malware infections, network intrusions, and data breaches.
•Perform initial triage and assessment of security incidents.
•Escalate incidents to higher-level security analysts or incident response teams as needed.

3.Threat Detection:
•Identify and investigate suspicious activities and anomalies within the network and systems.
•Use threat intelligence sources to stay informed about the latest security threats and vulnerabilities.

4.Documentation and Reporting:
•Document all security incidents, including the steps taken to investigate and resolve them.
•Prepare regular reports on security incidents, findings, and remediation efforts.

5.Security Controls:
•Ensure the effectiveness of existing security controls and recommend improvements.
•Assist in the implementation and maintenance of security tools and technologies.

6.Collaboration and Communication:
•Work closely with other IT and security teams to resolve security incidents.
•Communicate effectively with stakeholders regarding security issues and incident status.

Personnel Qualification Requirements

1.Education:
Bachelor’s degree in Information Security, Computer Science, or related field.

2.Work experience:
1.1-3 years of experience in a security operations or similar role；
2.Candidates with experience in SOC,network monitoring or security analysis are preferred.

3.Certifications:
Relevant certifications such as Certified Information Systems Auditor（CISA）,Certified Information Systems Security Professional (CISSP), or similar are preferred.

4.Working Conditions:
May require shift work to provide 24/7 monitoring coverage.Ability to work under pressure and respond to high-severity incidents promptly.

Personnal Skill Requirements

1.Networking
•Understanding of TCP/IP, network protocols, and network security architecture.
•Knowledge of network devices such as routers, switches, firewalls, and VPNs.

2.System Administration:
• Proficiency in managing and securing operating systems (Windows, Linux).
• Experience with server management, virtualization, and cloud computing platforms (Huawei Cloud,AWS, Azure, Google Cloud).

3.Security Tools:
•Proficiency in using SIEM tools (e.g., Huawei SecMaster,Splunk, ArcSight, QRadar).
• Familiarity with intrusion detection/prevention systems (IDS/IPS), endpoint protection, and vulnerability management tools.

4.Analytical and Problem-Solving Skills
•Log Analysis:Proficiency in analyzing logs from various sources (network devices, servers, applications) to identify anomalies and security incidents.
•Root Cause Analysis:Ability to perform root cause analysis to understand the origin and impact of security incidents.