SOC Analyst (L1)
Gulf Business Machines
Total years of experience: 9 years, 7 months
Experience with Security Information and Event Management (SIEM) tools like Splunk with 24x7 operations.
The security analyst monitors security events from the various SOC entry channels (SIEM, tickets, email and phone) and, based on the security event severity, escalates to the managed service support teams, the tier 2 information security team and/or the customer as appropriate for further investigation and resolution.
Raising incidents with the concerned team, responding to incidents and service requests and bringing them together.
Watching active channels and dashboards and creating annotations.
Investigating incidents with active channel/event/graph annotations and reports.
Hands-on experience in monitoring events and investigating incidents on a daily basis, gathering additional information to either resolve or escalate the issue to the appropriate teams.
Generating and investigating DLP alerts based on data classification for USB, cloud data movement or email through the Forcepoint tool.
Handling daily operations and troubleshooting issues of email security gateways (Trustwave, Mimecast).
Analysis and review of Data Leakage Prevention (DLP) through Forcepoint DLP for various channels such as email, removable media and web, and instant response to theft or loss.
Vulnerability assessment and reporting using Nessus and Qualys, and patch management cycles in coordination with asset owners.
Preparing the incident report for the shift and submitting it to the Team Lead.
Following up on day-to-day cyber incidents, finding cyber threats in our environment and taking the necessary actions.
Analyzing spam and phishing emails, finding the IOCs and blocking them.
Following up on and closing tickets based on the client response.
Providing communications related to security events.
Monitoring and responding to all required operational support network events.
Communicating with clients regarding issues.
Monitoring IOCs (Indicators of Compromise).
Analyzing alerts, sending them to the respective teams and getting them resolved.
Finding threats related to new incidents and taking appropriate mitigations.
Escalating incidents to the next level as per the SOP and escalation matrix.
Providing logs (ad-hoc requests) from ArcSight and LogRhythm to the respective teams as per stakeholder requirements.
Keeping track of inventory and updating it as and when required.
Daily, weekly and fortnightly report generation, shared across the SOC team for review.
Providing L1 support to over 5,000 users for all Managed Services customers.
Responsible for the day-to-day monitoring of networking devices for 24x7 call support of the production environments.
Monitoring routers, switches and other networking devices in ManageEngine OpManager.
Monitoring the performance and capacity of computer systems.
Performing regular checks on network hardware and software.
Providing first-level support for any reported issue and escalating to second level using HelpDesk ticketing tools (ServiceNow, ManageEngine, HPSM).
Skilled in identifying and troubleshooting basic network-level issues.
Knowledge of DNS, TCP/IP and other basic networking concepts.
Proven analytical and problem-solving abilities.
Providing L1 remote support to over 5,000 users for all Managed Services customers via Helpdesk calls, emails and chat.
Ticket logging and engineer assignment in ServiceNow, ManageEngine and BMC Remedy.
Providing remote support to users using DameWare, SCCM and Netop remoting tools.
Troubleshooting and performing deep-level analysis of technical issues in Windows/Office 365/Mac/Network/Printers/Scanners/Cisco IP Phone/Avaya.
Supporting Call Center staff (network issues / IP phone issues).
Providing application support (Opera, Avaya, Oracle, Dynamics CRM 365, etc.).
Monitoring routers, switches, network, servers and other devices in the ManageEngine tool.
Escalating tickets to the appropriate support groups within the organization.
Installation of software using SCCM (Software Center).
Reviewing Symantec antivirus definitions (antivirus updates).
VoIP phone extension creation, witness access and FAC code creation in Cisco Call Manager.
Creating and managing Windows user IDs and administration in Active Directory.
Creating and managing Oracle ERP HRMS user IDs.
Following the complete ITIL procedure and ITSM tool for requests.
Preparation of daily/weekly/monthly reports.