The primary function of the Security Analyst is to analyze any incidents escalated by the
Level 1 Security Engineer and undertake a detailed investigation of the Security Event. The
Security Analyst shall determine whether the security event is to be classified as an incident.
They coordinate with the customer's IT and Security teams for the resolution of the
Security Incident.
Roles and Responsibilities:
- Escalate validated and confirmed incidents to the designated incident response
- Notify the client of the incident and the required mitigation work.
- Fine-tune SIEM rules to reduce both false positives and false negatives.
- Collect global threat intelligence and internal threats then inject actions based on
- Proactively research and monitor security information to identify potential threats that
- Develop and distribute information and alerts on required corrective actions to the
- Learn new attack patterns and actively participate in security forums.
- Work closely with Vulnerability Management and designated incident response team.
- Understand the structure and the meaning of logs from different log sources such as
security, etc.
- Understand the subject of SIEM alarms.
- Perform ad-hoc training for L1 analysts.
- Perform threat intel research.
- Run and interpret sandbox and static analysis of suspicious files.
- Open and update incidents in ITSM to report the alarms triggered or threats detected.
alarms, and other indicators identified in accordance with the intervention protocol of
each client and the SLA.
- Track and update incidents and requests based on the client’s updates and analysis
Skills and Qualifications:
- Knowledge and hands-on experience in the implementation and management of
- Experience with Security Information and Event Management (SIEM) tools, creating
Vulnerability Assessments.
- Expertise in TCP/IP network traffic and event log analysis.
- Knowledge and hands-on experience with any of the SIEM tools like LogRhythm,
- Knowledge of ITIL disciplines such as Incident, Problem, and Change Management.
- Configuration and troubleshooting experience on Check Point, Cisco, FortiGate,