Cyber Security Operations Engineer - II

As Cyber security Operations engineer Level 2 will be responsible for analyzing and remediate (wherever applicable) security-related data from various sources, including network traffic, system logs, and security alerts. You will use this information to identify and investigate potential security incidents, and take appropriate actions to mitigate or resolve them. You may also respond to incidents, escalating them to Level 3 engineers or incident response teams as necessary. You will typically work in team environment working in shifts to support 24X5 operations.

Essential Duties and Responsibilities

• Analyze security-related data from various sources, such as network traffic, system logs, and security alerts, to identify and investigate potential security incidents.
• Should be able to identify critical threat and perform quick remediation.
• Respond to security incidents and create appropriate Runbooks for Level 1, escalating incidents to higher-level engineers or incident response teams as necessary.
• Maintain and troubleshoot security systems and devices, such as firewall, intrusion detection/prevention systems, and security information and event management (SIEM) systems.
• Maintain and update security run book documentation and procedures.
• Participate in incident response exercises and drills to test and improve incident response capabilities.
• Work closely with other members of the security team, as well as with other IT and business teams, to resolve security incidents and improve overall security posture.
• Keep up to date with the latest security threats, vulnerabilities and trends, and share knowledge with the team.
• Work in shifts to support 24X5 operations
• Perform other duties as assigned by the CSOC Manager or CSOC Team Lead.

Include minimum experience qualifications, required proficiencies with specialized knowledge, computer proficiencies, etc.

Experience

• 3-4 years of experience in security operations, incident response, or a related field.
• Familiarity with security concepts and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems.
• Experience with security incident management and incident response processes.
• Experience with network protocols and technologies, such as TCP/IP, DNS, and DHCP.
• Strong analytical and problem-solving skills, and the ability to think critically and make sound decisions in a fast-paced environment.
• Excellent written and verbal communication skills, as well as the ability to work well in a team environment.
• Exposure to industry standards, such as NIST, ISO 27001, SOC 2 and PCI-DSS.
• Strong understanding of cybersecurity threats and vulnerabilities, and experience with security tools and technologies.

Skills

• Technical skills: Familiarity with security concepts and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems. Knowledge of network protocols and technologies, such as TCP/IP, DNS, and DHCP.
• Analytical skills: Strong analytical and problem-solving skills, and the ability to think critically and make sound decisions in a fast-paced environment.
• Communication skills: Excellent written and verbal communication skills, as well as the ability to work well in a team environment.
• Incident Response: Experience with security incident management and incident response processes.
• Cybersecurity Knowledge: Strong understanding of cybersecurity threats and vulnerabilities, and experience with security tools and technologies.
• Industry Standards: Knowledge of industry standards, such as NIST, ISO 27001, SOC 2 and PCI-DSS.
• Time Management: Ability to handle multiple tasks and priorities and manage time effectively in a fast-paced environment.
• Adaptability: Adaptability to work in a dynamic and changing environment.
• Attention to detail: pay attention to detail and able to identify and investigate potential security threats.
• Customer service: Strong customer service orientation, ability to work well with others, and ability to communicate effectively with customers.

Education

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent work experience.
• Related qualifications and/or industry certifications such as CISSP/CISM and Cloud certifications are preferred.
• GCIH, GCIA, CRIA and/or BLT1/2 is a plus.
• Certifications: holding certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP) would be preferred.