DTICI_CSOC L3 Specialist_T7
- Daimler Truck AG
- 560048 Bangalore
- Full-time
Tasks
Technical Knowledge:
- Usage of advanced tools to detect and analyse advanced threats.
- Technical in-depth analyses of an incident by providing detailed technical information on incidents.
- Detailed analysis and documentation of the incident timeline and events.
- Reviewing and analysing user access logs to identify unauthorized or suspicious activities.
- Analysing email logs to trace phishing attacks, spoofed messages and other email-related threats.
- Proficiency in using SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and other security monitoring tools.
- Check malware with sandbox: Using sandbox environments to safely analyze and understand malware behavior.
- Provide (technical) feedback to requests from internal security teams.
- Strong ability to analyse complex datasets and identify patterns indicative of security threats.
- Support for mail security during incidents: collaboration with L3-Mail-Security and Mail Team, working closely with email security teams to address issues such as spoofed messages and other email threats during incidents.
- Alert tuning for incidents.
- Refining and tuning alerting systems based on insights and feedback from incident investigations to reduce false positives and enhance detection capabilities.
- Setting up of SOC Knowledgebase: Maintaining and managing the CSOC's knowledge base, which contains all the important information such as playbooks, processes, contacts, and more.
- Activation and collaboration with CIR Service: In case of a severe incident, CIR Service can be activated to provide support to resolve the incident.
- Incident Response Management: Coordinate the response to security incidents, from identification to resolution.
- Incident Management: Development and implementation of incident management processes.
- Escalation management: Escalation of serious security incidents to senior management and relevant stakeholders.
- Coordination and communication: Collaborate with internal teams and external partners to ensure effective incident response.
- Lessons learned: Conducting post-incident analyses and identifying opportunities for improvement.
- Documentation and reporting: Documentation of all steps and decisions during incident response as well as creation of reports.
- Continuous improvement: Monitoring and evaluating the effectiveness of incident response processes and implementing improvements.
Qualifications
Bachelor’s/Master’s degree in Computer Science, Information Systems, Engineering, Information Security, Cybersecurity, or a related field is required.
Work location
560048 Bangalore
India
Employer profile
Daimler Truck – the commercial vehicle pioneers
Around 125 years ago, we founded the modern transport industry with our trucks and buses. Today we are one of the world's largest commercial vehicle manufacturers. We employ more than 100,000 people at more than 40 locations in North America, Europe, Asia and Latin America, and at numerous sales and service points in most countries of the world. In China, we hold a 50 percent stake in Beijing Foton Daimler Automotive. The joint venture with the Chinese partner Foton manufactures trucks under the Auman brand.
In our global network, we develop and produce trucks and buses that are sold under the brands BharatBenz, Freightliner, FUSO, Mercedes-Benz, Setra, Thomas Built Buses and Western Star. With Daimler Truck Financial Services, we can also offer our customers a complete package of vehicles and financial services perfectly tailored to them. We work for all who keep the world moving – that is our shared drive at Daimler Truck.
Local area
- Bengaluru
- Yelahanka
- Bagalur
- Konappana Agrahara
Job ID: 8739907 / Ref: 24c2a17086d6274bd901df18e7c17b36