Job Description
Job Title:  Senior Associate, Security Monitoring & Response
Posting Start Date:  05/01/2026
Job Description: 

Job Summary

The SOC Analyst L2 provides 24x7 eyes-on-glass service as part of a team of security analysts with several years of experience. The monitoring and identification tier is responsible for the real-time monitoring and identification of security incidents. Analysts staffed at Level 2 monitor the MDR Centre main channel event streams within the MDR Centre security information and event management (SIEM) platform and other MDR Centre tools. They identify suspicious activity, open an incident investigation and perform a preliminary investigation to validate the incident. If the incident is determined to be more complex and requires more time and/or deeper expertise to analyze, the Tier 2 Analyst transfers the open investigation to Tier 3 for further analysis and escalation.

The SOC Analyst is also responsible for providing a combination of strategic, tactical and operational intelligence to the MDR Centre and its constituency. They gather and analyze tactical cyber threat and vulnerability intelligence, provide timely intelligence support to incident responders and give guidance to threat hunters.

In addition, the Tier 2 Cyber Security Analyst is responsible for the validation and analysis of investigations passed up from Tier 1 analysts. The Tier 2 incident responder and investigator completes the documentation of the investigation, determines the validity and priority of the activity and escalates to the SOC Manager.

Job Responsibilities

  • Performs real-time monitoring of security alerts generated by various MDR tools deployed by True Digital.

  • Investigates potential security incidents under the guidance of playbooks and procedures.

  • Analyses and assesses security alerts.

  • Validates, classifies and opens security incident cases or escalates to Level 2 analysts.

  • Serves as a primary contact point for reporting potential security incidents.

  • Documents security incidents as identified by the case management process.

  • Provides feedback on enhancing the operations of the cyber security operations centre.

  • Responds to security alerts generated within the SLA time window.

  • Establishes priority intelligence requirements for all key stakeholders.

  • Demonstrates an understanding of business processes, risk management, and related standards and regulatory requirements.

  • Performs threat modeling to identify, classify, prioritize and rate threats based on thorough analysis of the organization's top risks and critical assets, and derives appropriate use cases to be implemented in the MDR platform.

  • Investigates and researches known indicators, correlates events, identifies malicious activity, and discovers new sources to provide early warning for a variety of threats.

  • Analyzes internal and external threat intelligence data sets, including vulnerability intelligence, and detects and tracks emerging threats and security trends.

  • Produces timely, accurate, relevant and predictive intelligence by identifying and reporting on malicious actors, campaigns, and other relevant activities.

  • Produces and delivers timely, actionable threat intelligence to foster situational awareness, enable proactive decision-making, and promote enhanced active defense measures within True Digital.

  • Monitors open source information feeds and threat actor activity to identify activity levels and indicators for threats, targets of interest and possible attack vectors.

  • Works with the other MDR Centre teams to ensure that actionable indicators of compromise are incorporated into the appropriate technologies.

Qualifications

  • Bachelor's degree in a related field such as information security, computer science or computer engineering.

  • Minimum of 3-5 years of experience in cybersecurity, with a focus on security operations and incident response.

  • Strong understanding of security technologies, including SIEM, IDS/IPS, firewalls, and security analytics tools.

  • Hands-on experience with security analysis tools and techniques, such as malware analysis, network forensics, and threat hunting.

  • Knowledge of industry frameworks and best practices, such as NIST, ISO, and CIS.

  • Excellent analytical and problem-solving skills.

  • Strong communication and collaboration abilities.

  • Ability to work well under pressure and handle multiple tasks simultaneously.

  • Relevant security certifications, such as GCIA, GCIH, or equivalent, are highly desirable.

  • Good command of both English and Thai.