Tier 1 SOC Analyst

Why choose Logicalis?

It’s not just IT solutions, It’s IT global know-how! Logicalis is an international multi-skilled solution provider providing digital enablement services to help customers harness digital technology and innovative services to deliver powerful business outcomes.

Our customers span industries and geographical regions; and our focus is to engage in the dynamics of our customers’ vertical markets; including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and apply the skills of our 4,500 employees in modernising key digital pillars; data centre and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernisation. We are the advocates for our customers for some of the world’s leading technology companies including Cisco, HPE, IBM, CA Technologies, NetApp, Microsoft, Oracle, VMware and ServiceNow

Logicalis employees are innovative, smart, entrepreneurial and customer centric, with a shared ambition of making Logicalis the worlds leading IT Solutions provider!

We offer speedy decision-making, opportunities for personal development, and a supportive, inclusive environment that celebrates our diversity.

Join us and become a part of something epic!

Purpose

The Security Operations Centre will provide defence against security breaches and actively isolate and mitigate security risks. The Tier 1 SOC Analyst forms part of the security operations center SOC team. The SOC Team will identify, analyse and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, Tier 2 SOC Analysts, Tier 3 SOC Analyst, and Security Engineers. They work with IT operational teams to address security incidents and events quickly. The SOC Team will provide a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.

Job role

The job role includes actively participating in the incident detection process as follows:

• Act as the first responder and first line support in security events across source security systems being monitored
• Continuously monitors the alert queue on a 24 X 7 shift rotation basis
• Continuously monitors services utilising a number of toolsets
• Conducts initial triage based on defined run books of alerts
• Identifies potential, false positives, policy violations, intrusion attempts, security threats and potential compromises
• Consolidates data through alert triage to provide necessary context prior to escalating to relevant Security Engineering Specialists to perform deeper analysis when necessary
• Manages customer security event & incidents and service requests via the Logicalis Optimal Services Portal
• Identifies alarms by method e.g. credentials compromised
• Identifies alarms by asset class
• Based on the correlation rules and alarms within the SIEM and run books, identifies the potential anomaly tactic using the MITRE ATT&CK framework
• Creates initial tickets in the SIEM platform – this would be automatically created into Service Now
• Monitors incoming event queues for potential security incidents using the SIEM platform and defined operational procedures
• Performs a preliminary investigation of potential incidents, and escalate or close events as applicable
• Monitors SOC ticket (or email) queue for potential event reporting from outside entities and individual users
• Documents basic investigation results, ensuring relevant details are passed on to Tier 2 SOC Level 2 for further event analysis
• Handles customer calls into the SOC Support Services Desk
• Monitors basic security infrastructure health of security sensors and relevant source security systems
• Collects data and context necessary to initiate Tier 2 or Tier 3 deeper analysis and review activities
• Performs activities in a SOC environment that is 24x7x365 on a day/night shift rotation basis, including weekend and holiday. A specific shift cannot be guaranteed but attempts will be made to place personnel on their desired shift
• Prepares Security Reports for Customers across platforms and Security Services
• Run through basic security health checklists on a daily basis to ensure security systems are running optimally
• Ensure that when problems are discovered that they are solved effectively and creatively if required
• Assist senior SOC staff with operational responsibilities

Competencies & experience required

• 1 year experience in IT Infrastructure Support, and a further 1 year track record as a Tier 1 SOC Analyst in a SOC
• Basic knowledge of networks technologies (protocols, design concepts, access control)
• Basic knowledge of security technologies (firewalls and endpoint protection)
• Basic IT infrastructure technical and problem-solving skills
• Good communication skills, both written and oral
• Team player
• Analytical skills
• Report writing skills
• Good verbal communication skills

Education required

• Grade 12
• Degree or Diploma in Computer Technology
• CompTIA A+, N+ S+
• Microsoft Azure Security related certificate.
• CompTIA CySa and CASP+ advantageous