SOC L2 Incident Responder

I. PURPOSE

Participate and support activities that will help improve the existing operations and operationalize new service portfolio to achieve service excellence, operational efficiency, and retention of customers.

Investigate, analyze, and respond to incidents or crises within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to minimize impact of incident and maximize survival of information security.

II. DUTIES AND RESPONSIBILITIES

• Accomplish all assigned tasks by the management in a timely and effective manner as deemed necessary for the betterment of the organization.
• Ensure effective and efficient processes are followed.
• Comply with escalation protocols.
• Report process inefficiencies and non-compliance with agreed standards and processes.
• To promote and contribute to TOC's information and knowledge repository.
• Collaborate with other teams to improve workflows, documentations, standards, and processes.
• Participate in activities promoting a harmonious working environment such as demonstrating trust and respect and practicing open communication.
• Comply with company policies, guidelines, standards, and procedures.
• Professionally represent Trends management; enriching client relationships and providing expertise, composure, and competence.
• Perform all other duties and tasks as assigned by the Shift Manager and Operations Senior Manager.

Availability Management

• Escalate availability and capacity-related issues and provide suggestions.

Capacity Management

• Ensure that resources of managed devices are within the acceptable thresholds.
• Escalate threshold breaches.

IT Service Continuity Management

• Understand Role in Business Continuity Plan (BCP) and ensure compliance once executed.

Risk Management

• Report risks to people and processes needed for Operations that may impact clients, Sales Groups, and other relevant stakeholders.

Service Level Management

• Comply with processes, procedures, guidelines, and policies to ensure SLAs are met or exceeded.

Configuration Management

• Provide feedback during functional testing.

Client Support

• Triage received events and incidents, and handle cases assigned.
• Undertake immediate efforts to restore a failed service of a Managed Service client as quickly as possible.
• Handles escalation and follow-ups until resolution.
• Processes Service Requests within agreed Service Level Agreement.
• Follows best practices and applicable frameworks for Events Management, Incident Management, and Service Requests.
• Collect relevant data and create Incident and Root-Cause-Analysis (RCA) Reports.
• Participates in vendor/supplier feedback if applicable

Client Incident Management

• Guide Analysts in the monitoring of security events for proper categorization and prioritization eliminating false positives and irrelevant information.
• Perform analysis of escalated SOAR and SIEM events to respond to threats and accurately distinguish actionable recommendations.
• Perform fixes and solutions on incidents based on the context of the incident and documented procedures.
• Perform cyber defense trend analysis and reporting.
• Create established reporting procedures and requirements for documentation and draft technical summary of findings.
• Follow playbooks and procedures in the analysis, containment, eradication, remediation, and recovery from client cybersecurity and quality of service incidents.
• Update incident tickets and inform Shift Manager.
• Create RCA Reports and execute Compromise Assessment/Preventive Action (CA/PA).

Client Access Management

• Essentially executes Terms and Conditions of the client.

Client IT Asset Management

• Ensure that clients' managed assets are accounted for, maintained, upgraded if within scope.
• Monitors the clients' managed assets lifecycle and provides reports and recommendations to the Client, Service Delivery Manager/s, and other relevant stakeholders.
• Report discovered risky, non-compliant, new, broken assets.

Client Problem Management

• Provide necessary data and implement Corrective Action/Preventive Action (CA/PA).
• Comply with contractual problem management deliverables.
• Investigate the underlying causes, manage client recurring incidents, and help determine the best method to eliminate the root causes.

Process Management

• Follow documented processes of Operations.

Knowledge Management

• Update the knowledge and information pertaining to existing Clients and clients' Managed ICT assets.
• Contribute to the enrichment of the MICTS Knowledge Base and Incident Response playbooks.

Continual Service Improvement Management

• Suggest and follow new processes, comply, and execute assigned improvement plans.
• Provide quality data and ticket content.