Job Description

Role & responsibilities Plan, implement, configure, and migrate market-leading cyber security solutions (Qradar, Sentinel, Defender etc.) Creation and implementation of new SIEM use cases (correlation rules), fine tuning, Defender policies etc. Configuration, onboarding, and parsing of new log sources in SIEM solution, working on malware analysis, mail analysis, Threat intelligence/hunting etc. Assessment of the effects of an attack, taking initial measures and making concrete recommendations for action, Improvement of response plans and incident playbooks. Classification and investigation of alarms from different threat detection platforms and provision of the processed results to our customers Anomaly and attack pattern detection at all stages of the cyber killchain Anomaly and attack pattern detection at all stages of the cyber killchain Tool-based and manual threat hunting to detect attacks after zero-day exploits or vulnerabilities with a potentially severe impact on customer environments become known Creation of security reports based on the security incidents within the reporting period Creation of reports and dashboards Ensure adherence to and implementation of best incident response procedures as well as internal and industry standards Participation in on-call duty to ensure incident response even outside of business hours 24*7 onsite cybersoc support to customer including weekends & public holidays Preferred candidate profile 4+ years related work experience in customer facing organizations within cybersoc services. Mandatory skill set Good hands-on experience on SIEM tools like Qradar, MS Sentinel. Knowledge on Microsoft Defender Good experience on Incident handling & response Certification in IBM Qradar SOC Analyst/Administrator, SC-200. Secondary skill set Knowledge on Python, any scripting language Malware investigation and reporting Forensic investigation of SPAM / Phising email incidents Knowledge on threat intelligence & threat hunting