Tier 1 SOC Analyst - Cyber Threat Analysis Center
DXC Technology
DXC Technology helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private, and hybrid clouds.
Job Description
The Tier 1 Cyber Security Analyst plays a critical role in the initial triage, monitoring, and reporting of potential cyber threats within the Cyber Threat Analysis Centre (CTAC). Working under the guidance of more senior analysts, the Tier 1 Analyst will use their foundational knowledge of security information and event management (SIEM) solutions to support the security operations team. They will also be proficient in utilizing Kusto Query Language (KQL) for log analysis and gain experience using multiple ticketing systems to manage incidents effectively, ensuring that we adhere to our service level objectives.
Responsibilities:
1. Monitor and review security events across various SIEM platforms 24/7/365 to detect, triage, and respond to security incidents.
2. Act as the first line of response for security incidents by identifying, validating, and classifying potential threats, escalating to higher tiers when necessary.
3. Perform preliminary analysis on alerts to determine false positives and escalate confirmed incidents based on pre-defined criteria.
4. Create and manage incident tickets in the system to track incident status and facilitate accurate handovers between shifts.
5. Conduct and document formal handover/takeover procedures at the beginning and end of each shift to ensure continuity of operations.
6. Liaise with Tier 2 and Tier 3 Analysts for complex investigations, continuity briefs, and updates on service status issues.
7. Follow and provide feedback on existing processes; identify and suggest improvements to streamline workflow efficiency.
8. Follow procedures to communicate and report incidents to appropriate team members and document incidents as per CTAC guidelines.
9. Work closely with other CTAC team members, contributing to a cooperative environment while assisting in the completion of assigned tasks.
10. Develop a foundational understanding of security event analysis from network traffic, host logs, and other data sources to support incident identification and escalation.
11. Complete assigned tasks accurately and in a timely manner as directed by senior analysts or management.
12. Engage with available knowledge and training tools to maintain and improve technical skills, enhancing the ability to support CTAC operations effectively.
Knowledge and Skills:
1. Understands and can explain foundational networking concepts, including IP addressing, basic network protocols, and how traffic flows within a network.
2. Basic knowledge of Windows and Linux operating environments, including standard commands, file systems, and user authentication mechanisms.
3. Competence in using SIEM for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms.
4. Able to demonstrate basic knowledge using Kusto Query Language (KQL) to search and filter logs effectively.
5. Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information.
6. Able to communicate clearly and efficiently with team members and stakeholders, both internally and externally, under direction from senior analysts.
7. Can communicate simple technical issues to non-technical individuals in a clear and understandable way.
8. Able to create concise, structured reports that outline findings from preliminary investigations and daily monitoring activities.
9. Able to manage personal workload effectively to ensure timely completion of assigned tasks within the SOC.
10. Willing to collaborate with team members, accepting guidance and learning from more experienced analysts.
11. Shows initiative in learning new technologies and techniques, leveraging internal resources and training to grow professionally.
12. Able to function efficiently during high-pressure situations, following procedures to ensure consistent performance in incident management.
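The KQL skill described above (searching and filtering logs to triage an alert) in practice, as an added example that is not part of this posting or of DXC's own content. It assumes a Microsoft Sentinel workspace ingesting the Windows Security log into the SecurityEvent table; the threshold, lookback window and follow-on window are illustrative values, not CTAC runbook parameters. The query flags sources that generated many failed logons (EventID 4625) and then a successful network or RDP logon (EventID 4624) on the same host shortly afterwards, which is the kind of preliminary filter a Tier 1 analyst would run before deciding whether to escalate.

```kql
// Added example (not from the job posting). Assumes the Sentinel SecurityEvent table.
let lookback  = 1h;    // how far back to search (assumed value)
let threshold = 10;    // failed logons per source before it is interesting (assumed value)
let followon  = 10m;   // how soon after the last failure a success counts as suspicious (assumed value)
// Step 1: sources with many failed logons against a given host.
let failures =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625                      // "An account failed to log on"
    | where isnotempty(IpAddress) and IpAddress !in ("-", "127.0.0.1", "::1")
    | summarize FailedCount = count(),
                FirstFail   = min(TimeGenerated),
                LastFail    = max(TimeGenerated),
                TriedAccounts = make_set(TargetUserName, 20)
              by IpAddress, Computer
    | where FailedCount >= threshold;
// Step 2: successful interactive-over-network logons from the same sources.
let successes =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624                      // "An account was successfully logged on"
    | where LogonType in (3, 10)                 // 3 = network, 10 = RemoteInteractive (RDP)
    | project SuccessTime = TimeGenerated, IpAddress, Computer,
              SuccessAccount = TargetUserName, LogonType;
// Step 3: keep only successes that land within the follow-on window after the last failure.
failures
| join kind=inner successes on IpAddress, Computer
| where SuccessTime between (LastFail .. (LastFail + followon))
| project IpAddress, Computer, FailedCount, FirstFail, LastFail,
          SuccessTime, SuccessAccount, LogonType, TriedAccounts
| order by FailedCount desc
```

A source that appears here is not automatically an incident: a misconfigured service account or a vulnerability scanner with valid credentials produces the same pattern. The Tier 1 step is to check whether the succeeding account is one of the accounts that was tried, whether the source IP is a known scanner or jump host, and whether the success logon type matches how that host is normally accessed, then record those findings in the ticket before escalating.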
Education and Professional Experience:
1. A suitable background in IT, a sound understanding of networking, at least one relevant certification, and an enthusiastic approach to IT.
Desirable:
1. IT or security-related certifications.
2. Experience in a SOC or SOC equivalent.
3. SC / DV clearance.
Other Requirements:
1. You will have to undertake SC and / or DV clearance with multiple agencies.
2. Full Driving Licence.
3. Fluent in written and spoken English.