Asst. Manager/Sr. Officer - Information Security

4 - 7 years

7 - 14 Lacs

Posted: 3 weeks ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Role & Responsibilities:

  • Continuously monitor and analyze security events across various platforms using SIEM solutions (e.g., Splunk, Azure Sentinel, QRadar).
  • Identify, triage, and respond to security incidents like ransomware, DDoS attacks, and zero-day exploits using modern detection tools and techniques (e.g., CrowdStrike, Darktrace).
  • Analyze and correlate security alerts, logs, and incidents to identify and mitigate emerging threats, leveraging SOAR (Security Orchestration, Automation, and Response) platforms like Cortex XSOAR.
  • Proactively search for hidden threats in the network using threat hunting platforms and techniques, including Elastic Security and ThreatConnect.
  • Perform vulnerability assessments using tools like Qualys, Tenable, and Rapid7 Nexpose; assist in patch management and remediation processes.
  • Conduct forensic investigations using platforms such as FTK Imager, EnCase, or Autopsy to identify the origin and impact of security incidents.
  • Create automated workflows and playbooks using scripting languages like Python, PowerShell, or Ansible to improve SOC response times and operational efficiency.
  • Integrate and operationalize threat intelligence feeds (e.g., Anomali, ThreatQuotient) into security tools (SIEM, firewalls) to enhance incident detection capabilities.
  • Monitor cloud environments (e.g., AWS, Azure, Google Cloud) for security incidents and misconfigurations using cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center, Google Chronicle).
  • Document incidents, including attack vectors, timelines, and mitigation steps; generate reports for stakeholders using tools like Jira, ServiceNow, or Confluence.

Job specific skills:

  • Experience with modern SIEM tools like Splunk, IBM QRadar, Azure Sentinel, or Elastic SIEM.
  • Proficient in EDR solutions such as CrowdStrike Falcon, Carbon Black, or SentinelOne.
  • Familiarity with SOAR platforms like Cortex XSOAR, Swimlane, or Palo Alto Networks Demisto for automating and orchestrating security workflows.
  • Hands-on experience integrating and utilizing threat intelligence platforms like Anomali, ThreatConnect, or ThreatGrid.
  • Understanding of cloud security tools for AWS, Azure, and Google Cloud, including AWS GuardDuty, Azure Sentinel, and Google Chronicle.
  • Deep knowledge of network security protocols and tools such as Palo Alto Firewalls, Cisco ASA, Fortinet FortiGate, Zscaler, and Tanium.
  • Familiarity with vulnerability management tools like Qualys, Tenable Nessus, or Rapid7 Nexpose.
  • Proficient in scripting languages like Python, Bash, PowerShell, and automation tools like Ansible and Terraform for securing infrastructure.
  • Experience in handling incident response processes and tools like TheHive, CIRCL, and MISP.
  • Familiarity with phishing detection and response platforms like Proofpoint, Barracuda, or KnowBe4.
  • Knowledge of PCI DSS compliance and ISO 27001 standard logging and monitoring requirements.

  • Rotational Shifts.

BOBCARD

Fintech

Fintech City
