CGI

Posted 30 days ago

L3 SOC Analyst

  • Bengaluru (Bangalore Urban)
  • IT development

Job description

Position Description:

The Level 3 (L3) SOC Analyst is a core resource on the Security Monitoring team (Blue Team) which operates within
CGI’s Global Security Operations Center (GSOC).
As a member of the Security Monitoring team, the L3 Analyst is responsible for the monitoring, triage and response
of all security alerts coming from SIEM and the security controls directly.
The L3 Analyst will have a broad range of cybersecurity experience and skillsets including knowledge of Windows
and Linux operating systems, knowledge of common threats and attack methodologies, an awareness of industry
standards, and foundational endpoint and network-based analysis techniques.

Your future duties and responsibilities:

Continue the investigation of alerts that have been escalated by L2 Analysts within agreed-upon SLAs.
Perform triage of indicators, as needed, and document all findings in the appropriate threat knowledgebase.
Perform in-depth analysis of alerts, outside of Standard Operating Procedures, utilizing intermediate endpoint
and network-based analysis techniques.
Make technical and procedural enhancement recommendations in coordination with other members of the team
to improve the overall capabilities and maturity of the SOC.
Create security incidents from presumed true-positive alerts and close presumed false-positive alerts.
Support Incident Management (IM) when further investigation is required.
Be a subject matter expert of industry trends, new threats, technologies and common security standards and
frameworks.
Engage and collaborate with other members of the GSOC, as well as internal CGI teams, during the investigation
of alerts.
Report security vulnerabilities identified during BAU activities and provide recommendations to mitigate the
overall security risk to the organization.
Create, review, and enhance Standard Operating Procedure (SOP) documentation.
Utilize and contribute to internal threat intelligence.
Perform handover of priority items at the end of shift.
Review alert queues to identify patterns that may indicate broader security issues by taking a "long-term" view of event analysis (weeks and months).

KEY SKILLS & COMPETENCIES

Ability to communicate clearly and effectively in both verbal and written form.
Ability to think critically when investigating alerts to determine appropriate relevance of the alert details.
Ability to methodically research unknown information, including being able to search for information, take notes, and manage time.
Skilled in time management to ensure that all assigned tasks are completed within requested timeframes.
Knowledge of various networking concepts and the ability to utilize that knowledge during an investigation.
Common concepts include IP Address subnets, Network Address Translation (NAT), and the knowledge of
different protocols and ports.
Knowledge of Windows system administration and Event IDs, including knowing the event ID of common events such as logins, login failures, and process creations.
Knowledge of the Linux operating system, including common log storage paths and common Linux commands.
Knowledge of vulnerability management concepts, as well as Common Vulnerabilities and Exposures (CVE).
Ability to analyze log files utilizing advanced tools and techniques.
Knowledge of network security monitoring techniques.
Advanced knowledge of common threats and vulnerabilities, attack methodologies, threat actors, and attack tools.
Awareness of industry standards and frameworks.
Knowledge of IT Service Management (ITSM) with a focus on Incident Management.
Knowledge of foundational open-source intelligence techniques.
Knowledge of any scripting or programming language.
Knowledge of intermediate or advanced threat hunting techniques.
Experience with mentoring more junior analysts.
Knowledge of malware analysis techniques is an asset.
Knowledge of reverse engineering techniques is an asset.

Required qualifications to be successful in this role:

2+ year degree or diploma with a focus on Information Security or Cybersecurity is an asset, but not required.
Advanced Certifications in Information Security or Cybersecurity related disciplines (e.g., CISSP, CCSP, GSEC,
GSOC, GCIA, GMON, GCDA, GCIH, GCFA, GREM, GNFA).

EXPERIENCE
At least 3 years of experience working in a Security Operations Center as a SOC Analyst, or similar role.
Experience handling alerts from SIEM and common security controls including Network and Host-based IPS and IDS, Endpoint Security, Firewall, and Cloud security.
Experience using third-party security intelligence tools, such as VirusTotal, to safely triage indicators.
Experience performing alert investigation utilizing advanced digital forensics techniques.
Experience supporting or performing incident response activities.
Experience producing security reports.

Skills:

Cyber

What you can expect from us:

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our team—one of the largest IT and business consulting services firms in the world.
