SOC L1 Analyst at Equity Bank Kenya

Role Description:

As Level 1 security Analyst, your role is pivotal in helping to monitor and protect the bank and its information assets. Some of the responsibilities of the Level 1 Analyst are as per below:

Responsibilities:

• Have the ability to and understand how to properly open a manual ticket for security related incidents or to report issues to the Security Operations team leadership.
• Have the ability to and understand how to search asset information or ticket information.
• Be familiar with security controls technologies.
• Understand the significance of Log Correlation Rules, what the incidents generated from them indicate, and their significance to business operational continuity.
• Be able to access the organizations SIEM and understand what tables to query for specific data from each of the technologies L1 Analysts have access to.
• Be able to identify user log/computer information by querying.
• Have the ability to understand how to log in to Nessus, Nexpose and OpenVas to retrieve and review vulnerability scan data.
• Have the ability to understand how to search for asset information.
• Be familiar with SOC analyst tools and collaboration systems.
• Be able to work out any issues in the Incident Management System properly.
• Understand general TCP/IP essentials and interpret CIDR network ranges.
• Know the basics of IP routing.
• Understand the differences between TCP, UDP and ICMP in their modes of operation.
• Be able to describe the OSI model, and what portions of TCP/IP operate at each layer.
• Be familiar with RFC1918 and NAT
• Know the basic operational concepts of most internet communication and content delivery protocols (HTTP, SMTP, etc.)
• Known how to generate a portscan, and interpret the result.
• Understand the concepts of Authoritative DNS servers, and the general principle of DNS resolution (forward/reverse, etc.)
• Have a general knowledge of standard network zoning types (DMZ, Datacenters, Core Routing, etc.)
• Understand General Wireless networking concepts:
  • Infrastructure, Ad-Hoc, Client and Bridge modes of operation
  • SSID, BSID, authentication modes (WEP/WPA)
  • Channels, Beacons
• General OS operation skills and data analysis.
• Be able to install and configure a general windows or Linux workstation and bring it into line with corporate security standards.
• Be able to identify where the system logs are contained on that system.
• Be able to perform general troubleshooting on a system, to the same level as an average desktop technical support rep.
• Understand basics of SQL queries (SELECT, COUNT, DISTINCT, ORDER)
• Understand how to write a standard operating procedure that describes a repeatable process to other analysts.

Qualifications:

• Bachelor’s Degree in Cyber Security, Electrical Engineering/Computer Science/Information Technology or related.
• 2-3 years of experience in in Infosec 0r Cyber Security within the Financial Services Sector.
• Certifications in either of Network+, Security+, CySA+, GSEC, CEH, CISA, CISM or any other information security related course will be an added advantage.
• Hands on knowledge of common SIEM solutions, alerts and management.
• Knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc.
• Experience with Microsoft Windows and UNIX operating systems is required.
• Knowledge and/or experience with common security tools and solutions such as anti-virus, Intrusion Prevention Systems and Firewalls is an added advantage.
• Knowledge and/or experience with Oracle, MS SQL, My SQL, etc.
• Good communication and presentation skills.
• Enthusiasm, curiosity, thirst for knowledge and passion for the job is required.
• Analytical thinking, customer focused and team player.