SOC L3

**Job Details**: (including but not limited)
- Part of the SOC team that runs 24x7,on a rotating shift schedule
- First point of escalation for the Tier 2
- Hunting for suspicious anomalous activity based on data alerts or data outputs from various toolsets
- Review and build new operational processes and procedures
- Drives containment strategy during data loss or breach events
- Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
- Works directly with data asset owners and business response plan owners during low and medium severity incidents
- Advice on the tuning of IDS, proxy policy, in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems
- Provide use case creation/tuning recommendations to administrators based on findings during investigations or threat information reviews
- Lead response actions for incidents where CSIRT is not required to intervene (low/medium priority)
- Performing administrative tasks per management request (ad-hoc reports / trainings)

**Training, Qualifications, and Certifications Preferred**:

- CEH-certified, OSCP certification
- SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling training
- SANS FOR** trainings
- Advanced Security Essentials - SEC501 (optional GCED certification)
- Perimeter Protection In Depth - SEC502 (optional GCFW certification
- SANS GREM
- Capable of content engineer working on CVE, TTPs

**Job Types**: Full-time, Permanent

**Experience**:

- SOC: 2 years (required)

**Location**:

- Riyadh (required)

Application Deadline: 27/08/2024