FAQs
What is the primary role of the IT CoE SEC SOC Network position?
The primary role involves performing reactive incident analysis, documenting incidents, identifying threats through research and data analysis, and assisting various teams in understanding and mitigating security issues.
What are the main responsibilities associated with this job?
Main responsibilities include incident analysis, documentation for handover to other teams, threat identification, remediation follow-up, assisting users and teams with security issues, executing threat hunts, and suggesting detection use cases.
What qualifications are preferred for this role?
Candidates should have prior experience as a network or system administrator, along with at least 3 years of experience in a SOC analyst role.
Which tools are essential for this position?
Essential tools include Azure Sentinel, Microsoft KQL, and the Microsoft E5 security stack (including Defender for Endpoint, Defender for Identity, Defender for O365, and Defender for Cloud).
What type of analysis skills are required for this role?
Required analysis skills include malware incident analysis, interpreting email headers for phishing campaigns, knowledge of threat actor TTPs (MITRE ATT&CK), creating detection hypotheses, and suggesting rule tunings.
Is prior experience in network or system administration necessary?
Yes, prior experience as a network or system administrator is considered a serious plus for this position.
Will the role involve working with playbooks?
Yes, the role will involve following existing playbooks and suggesting improvements to enhance their effectiveness.
What is the desired knowledge regarding threat actors?
Candidates should possess good knowledge of the TTPs used by various threat actors and how to detect them, particularly using the MITRE ATT&CK framework.
How important is data analysis in this position?
Data analysis is crucial, as effective threat identification and incident resolution rely on relevant research and analysis skills.
Are team collaboration skills important for this job?
Yes, strong collaboration skills are essential for assisting end users, local IT teams, and other support teams in addressing security issues.