Security Analyst L2

Responsibilities

• Monitor third party security feeds, forums, and mailing lists to gather information related to the client through automated means
• Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk through the use of customer, community, and open source reporting
• Produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds
• Review vulnerabilities advisories
• Review and process threat intelligence reports
• Perform detailed investigative works into all traffic anomalies against established, historical baselines of individual agencies. Reviewing and profiling the events of all monitored clients
• Assess each event based on factual information and wider contextual information available
• Review, propose and generate reports to automate or reduce low value event escalations
• Build rules and intelligence to detect such threats and proliferate to all monitored networks
• Implementing and devising detection method of such threats in our security operations through SIEM Rules, DB scripts etc
• Perform periodic analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available
• Supports the development of tactics, techniques, and procedures in providing proactive threat hunting and analysis against the available information sources (e.g. Netflow, DNS and Firewall logs, etc.)
• Assist the Security Analysts with the investigative works
• Prepare training programme for Security Analyst and conduct knowledge sharing sessions for Security Analyst
• Fulfil Change Requests, Service Requests and respond to internal / external enquiries with regards to detection Use Case
• Any other tasks as assigned

Requirements