Onsite Senior SOC L2 Analyst

IBM Middle East

Riyadh, Saudi Arabia

Ref: RP805-1855

Job description / Role

Employment: Full Time

Information and Data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
- This job role is based out of Al Jubail, Saudi Arabia
- Provide initial investigation of security incidents escalated from the SOC L1 Function
- Check for false positive & duplicates
- Provide communication and escalation throughout the incident per the CSIRT guidelines
- Communicates directly with data asset owners and business response plan owners during high severity incidents
- Hunting for suspicious anomalous activity based on data alerts or data outputs from various toolsets
- Perform analysis of log files and other artifacts to collect more contextual information in order to triage the security threat
- Provide first responder forensics analysis and investigation
- Drives containment strategy during data loss or breach events
- Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
- Works directly with data asset owners and business response plan owners during high severity incidents
- Provide tuning recommendations to administrators based on findings during investigations or threat information reviews
- Collect contextual information and pursue technical root cause analysis and attack method analysis;
- Make content determination to treat the alert as a security incident and assign a severity level;
- Close or escalate the security incident to the SOC L3/ Advanced Forensics Function;
- In certain cases, the alert/incident can be returned to SOC L1 Function with feedback and suggestions;
- The resource must have extensive experience in incident handling and reporting (at least 4 years in a similar role).
- The resources must be able to manage CPE SOAR (IBM) and EDR (Carbon Black) solution


We are looking for a professional based Al Jubail with the following skills:

- Technical Competencies
- Strong Analytical and Problem Solving Skills
- Knowledge of network security zones, Firewall configurations, IDS policies
- Knowledge of systems communications from Layer 1 to 7
- Experience with Systems Administration, Middleware, and Application Administration
- Experience with Network and Network Security tools administration particularly IBM SOAR (Resilient) including integrations, scripting and runbook creation
- Knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes
- In-depth experience with log search tools such as QRadar, usage of regular expressions and natural language/AQL queries
- In-depth knowledge of packet capture and analysis
- Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat
- Ability to make create a containment strategy and execute
- SOC technical & executive reporting
- SOAR tool administration, runbook & workflow management

Training, Qualifications, and Certifications

- Security Essentials - SEC401 (optional GSEC certification)
- Intrusion Detection In Depth - SEC503 (optional GCIA certification)
- Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)
- OSCP - Pen test With Kali
- IBM QRadar and SOAR certification

- Hacker Guard: Security Baseline Training - SEC464
- Advanced Security Essentials - SEC501 (optional GCED certification)
- Perimeter Protection In Depth - SEC502 (optional GCFW certification)
- Securing Windows and Resisting Malware - SEC505 (optional GCWN certification)

About the Company

For more than six decades, IBM Middle East & Pakistan has played a vital role in shaping the information technology landscape of the region. Today, IBM is part of the region's technological fabric, solving real-world business and societal challenges, through its offices in UAE, Saudi Arabia, Qatar, Kuwait and Pakistan, and also a diversity of centers across the region.

Within the region, IBM currently has groundbreaking initiatives in cloud computing, analytics, mobile, security, as well as nanotechnology, eGovernment, healthcare and many more, collaborating with leading educational institutes and governments. IBM supports hundreds of clients to drive transformation through technology, contributes to regional research & development programs and has an active Corporate Service Corps (CSC) program.

Reinvention is a keyword in the company's history and, today, IBM is much more than a "hardware, software, services" company. IBM is now emerging as a cognitive solutions and cloud platform company.

Get personalised updates on latest vacancies
Job Alerts by Email
  • Personalised updates on latest career opportunities
  • Insights on hiring and employment activity in your industry
  • Typically sent twice a month
Analyst salaries in Riyadh

Average monthly compensation
SAR 12,500

Breakdown available for industries and years of experience