Job Title: Tier 3 SOC Analyst (Incident Management)

Location: Riyadh 11533, SA

Employment Type: Contract

02.10.2024

Role: Tier 3 SOC Analyst (Incident Management)
Location: Qatar
Contract: 10 months, extendable
Job summary:
Candidates in this role will be responsible for conducting incident response operations according to documented procedures and industry best practices. Candidates must have excellent communication skills and extensive experience in multiple security areas such as SIEM, EDR, NDR, IDS, APT, and WAF. Candidates will be required to participate in multiple intelligence communities and should be able to disseminate pertinent information throughout the SOC. Ideal candidates should have extensive experience in Linux and/or Windows operating systems and have deep knowledge of networking and attack techniques. Candidates must display enthusiasm and interest in information security.
Standard job requirements
- Work as part of the SOC team.
- Operate as the first point of escalation for Tier 2.
- Hunt for suspicious or anomalous activity based on alerts or data outputs from various toolsets.
- Review and build new operational processes and procedures.
- Provide first-responder forensic analysis and investigation.
- Triage and resolve advanced attack vectors such as botnets and advanced persistent threats (APTs).
- Work directly with data asset owners and business response plan owners during low- and medium-severity incidents.
- Provide advice on the tuning of security controls such as proxy policy and in-line malware tools, based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
- Develop SOC use cases and provide tuning recommendations to administrators based on findings during investigations or threat information reviews.
- Perform threat hunting based on threat intelligence received from the CTI team.
- Lead response actions for incidents where the CIRT is not required to intervene (low/medium priority).
- Perform administrative tasks per management request (ad hoc reports, training).
Functional and Technical Competencies
Must have:
- Passion and drive to work in a role with the potential for significant growth in scope and services
- Good logical and analytical skills to support the analysis of security events and incidents
- Experience with network security zones and firewall configurations
- In-depth knowledge of TCP/IP
- Knowledge of systems communications from OSI Layer 1 to 7
- Experience with systems administration, middleware, and application administration
- Experience with network and network security tools administration
- Experience with log search tools, regular expressions, and natural language queries
- Knowledge of log formats and the ability to aggregate and parse syslog, HTTP logs, and DB logs for investigation purposes
- Ability to create a containment strategy and execute it
- Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
- Good knowledge of threat areas, common attack vectors (malware, phishing, APT, technology attacks, etc.), and attack techniques
Nice to have:
- Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
- Knowledge of MITRE ATT&CK and TTPs
- Advanced network packet analysis/forensics skills
Training, qualifications, and certifications
Preferred:
- Graduate degree or equivalent
- Minimum of 5+ years of experience in information security
- 2+ years of prior experience in a similar position
- CEH certified
- SEC511: Continuous Monitoring and Security Operations training
- SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling training
- SANS FOR500 series training
- Advanced Security Essentials – SEC501 (optional GCED certification)
- Perimeter Protection In-Depth – SEC502 (optional GCFW certification)
Desired:
- CISSP, GIAC Reverse Engineering Malware (GREM), Offensive Security Certified Expert, GIAC Certified Forensic Examiner (GCFE), GIAC Penetration Tester (GPEN), CCIE Security, Certified Digital Forensic Examiner (CDFE)