SOC L0 Analyst

IBM Wroclaw, Poland

Company

IBM

Location

Wroclaw, Poland

Type

Full Time

Job Description

Introduction
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.

Your Role and Responsibilities
As an L0 Analyst you will deal with cyber security, spam and phishing events as reported by SIEM, TIP, security tools, email, chat, phone calls or direct messages, with the ultimate aim of identifying which events are cyber security incidents and reporting GDPR-related events to the DPO.

In your daily work you will review alerts, threat intelligence and security data, and identify threats that have entered the network as well as security gaps and currently known vulnerabilities. In this role, you will identify events according to documented procedures and industry best practices. You will be required to follow the incident response plan and assist Cyber Threat Response Analysts when necessary.


You will be part of the SOC team that runs 24x7, on a rotating shift schedule.

• First point of contact for cyber security and GDPR-related events
• First point of analysis of threat intelligence reports
• Support investigation of cyber security and GDPR-related incidents
• Conduct event triage
• Conduct spam and phishing analysis and reaction, and provide recommendations for future similar events
• Profile and trend events in the environment to determine if an incident needs to be created
• Provide incident communication and escalation as per the security incident response guidelines
• Create and deliver GDPR-related event reports and notices
• Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets
• Escalate IT security tools issues, when necessary
• Create and maintain daily activity log
• Perform administrative tasks as per management request (ad-hoc presentations, trainings, etc.)
• Assist continuous improvement of processes and work with other teams to improve alerts and rules in the incident monitoring systems

Required Technical and Professional Expertise
• At least one year of experience in a similar role
• Experience with analyzing network and endpoint traffic
• Exposure to network devices, Microsoft Windows systems, UNIX systems, and other security assessment tools (NMAP, Nessus, Metasploit, Netcat, etc.)
• Experience in threat intelligence report analysis
• Experience with log management and security information management tools
• Experience with SIEM, SOAR, UBA, anti-malware, spam, phishing and TIP tools
• Knowledge of log formats from various log sources
• Knowledge of data protection regulation key principles
• English language at B2 level or above

Preferred Technical and Professional Expertise
• Experience with Splunk Enterprise Security solution (would be an advantage)
• Basic programming skills: Python, C/C++/Perl and other scripting languages (would be an advantage)
• An understanding of contemporary and legacy security technologies (e.g. IDS, Firewalls, IAM, SIEM)
Any of the following certificates would be nice to have:
• CompTIA Sec+, CompTIA CySA+, CEH
• Security Essentials - SEC401 (optional GSEC certification)
• Intrusion Detection In Depth - SEC503 (optional GCIA certification)
• Hacker Guard: Security Baseline Training - SEC464
• Advanced Security Essentials - SEC501 (optional GCED certification)
• Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)

Date Posted

12/20/2024
