Inspira Enterprise

SOC L2 & L3 Analyst

Posted: 4 minutes ago

Job Description

For both L3 Senior SOC Analyst and L2 SOC Analyst:

  • Threat Hunting: Proactive identification of advanced threats, anomalies, and malicious activities within the bank's network and systems.
  • Incident Response (IR): Participation in the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident review.
  • Alert Finetuning: Continuous optimization and reduction of false positives from security alerts across various security tools (e.g., SIEM, EDR, IDS/IPS).
  • Coordination: Seamless coordination and communication with various internal teams within the bank (e.g., IT Operations, Application Development, Infrastructure, Business Units) during security incidents and daily operations.
  • Management Reporting: Preparation of clear, concise, and actionable reports for management on security incidents, threat intelligence, SOC performance, and project status.
  • Log Source Validation: Ensuring the proper onboarding, configuration, and validation of security log sources into the SIEM (Splunk) to ensure comprehensive visibility.
  • Splunk Expertise: Advanced proficiency in Splunk for security monitoring, dashboard creation, query optimization, and data analysis.

Specific to L3 Senior SOC Analyst:

  • SOC Vendor Management: Acting as a primary liaison with various SOC technology vendors, managing relationships, ensuring service level agreements (SLAs) are met, and driving product enhancements.
  • Strategic Input: Providing strategic input on the SOC roadmap, technology selection, playbooks, and process improvements.
  • Mentorship: Mentoring and guiding junior SOC analysts.

Resource Requirements and Qualifications

The vendor must provide resources that meet the following minimum qualifications:

4.1 L3 Senior SOC Analyst (1 Resource)

Experience: Minimum of 7-10 years of dedicated experience in a Security Operations Center (SOC) environment, with at least 3-5 years in a senior or lead role.

Expertise:
  • Demonstrable expertise in advanced threat hunting methodologies and techniques.
  • Proven experience in managing SOC vendors, including contract negotiation, performance monitoring, and issue resolution.
  • Extensive experience in leading and executing complex incident response activities.
  • Deep understanding of SIEM (Splunk preferred) alert correlation, rule creation, and optimization.
  • Strong background in financial services industry cybersecurity.
  • Application and DB logs.
  • Application use cases.

Technical Skills:
  • Advanced Splunk expertise (Splunk Enterprise Security experience highly desirable).
  • Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis.
  • Extensive experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) platforms.
  • Familiarity with various security technologies (e.g., Cloud Security, Vulnerability Management).

Certifications (Highly Preferred): CISSP, SANS GIAC certifications (e.g., GCIH, GCFA, GNFA, GDAT), OSCP.

Soft Skills: Excellent communication, leadership, problem-solving, and analytical skills. Ability to work effectively under pressure.

4.2 L2 SOC Analyst (1 Resource)

Experience: Minimum of 3-5 years of dedicated experience in a Security Operations Center (SOC) environment.

Expertise:
  • Solid experience in performing threat hunting activities.
  • Hands-on experience in incident detection, analysis, and initial response.
  • Experience in finetuning security alerts and managing SIEM rules.
  • Understanding of log source integration and validation processes.
  • Background in financial services industry cybersecurity.

Technical Skills:
  • Proficiency in Splunk for security monitoring and basic query writing.
  • Hands-on experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) tools.
  • Familiarity with common security tools and technologies.

Certifications (Preferred): CompTIA Security+, CySA+, Splunk Core Certified User/Power User.

Soft Skills: Strong analytical, communication, and teamwork skills. Eagerness to learn and adapt.
