Role Summary
As a member of the Global Security Operations Center, you will be responsible for driving the operational activities of the SOC, leading complex investigations, conducting advanced threat analysis, and initiating incident response activities across various business units. You will also be responsible for process improvement activities and for mentoring the team through training initiatives.
Responsibilities
- Manage shifts and the team in the 24x7 SOC environment.
- Act as the first point of escalation for the SOC team and assist with handing out work assignments to team members.
- Handle escalated security incidents and issues; perform deep-dive analysis of escalated incidents and threat hunting.
- Highlight potential security risks to the SOC Manager and the concerned SPOCs.
- Maintain and optimize security tools and technologies used within the SOC.
- Support ad hoc investigations on an as-needed basis.
- Identify opportunities for continuous improvement in security operations.
- Continuously improve threat detection capabilities, use cases and SOPs.
- Support SOC manager for creating new operational guidelines, processes, and procedures.
- Mentor and provide guidance to L1 analysts and serve as the POC for escalation issues that may arise.
- Support rotational 16x5 operational shifts and be on call when needed.
Role Requirements
Experience
At least 7 years of prior experience as a SOC Lead/Lead Analyst in a SOC environment, with hands-on experience in performing security monitoring and response activities, incident handling, alert tracking, and/or cybersecurity case management.
Process and Technology Skills
- Proven experience in handling an EDR solution such as Defender or CrowdStrike.
- Configure and optimize EDR settings to enhance security posture and ensure effective threat detection.
- Analyze threat intelligence and security data to identify trends, patterns, and emerging threats.
- Ability to recognize different security situations and to refine recurring security notifications by fine-tuning them.
- Respond to security incidents promptly, conducting thorough investigations and implementing remediation strategies to mitigate risks.
- Strong background in incident analysis, evidence collection, documentation, communications, reporting and response.
- Ability to manage cloud security controls, including firewalls, intrusion detection systems, and encryption protocols.
- Lead and coordinate incident response efforts for cloud-related security incidents.
- Collaborate with business and development teams to ensure security best practices are integrated into cloud architecture and deployments.
- Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
- Experience in mentoring and training junior analysts, and in providing technical and functional support to the L1 team with analytical feedback.
- Proven experience in any SIEM tool and/or log management solution.
- Must have good knowledge of firewalls, IDS/IPS, Anti-Virus, EDR, Proxy, DNS, email, AD, etc.
- Good understanding of mainstream operating systems (Windows, Linux, etc.) and security infrastructure.
- Good understanding of log parsing and event analysis (ability to understand and interpret Windows, Linux OS, firewall, web proxy, and DNS log events).
- Expertise in the creation of reports, dashboards, and metrics for SOC operations.
- Knowledge in developing use cases for security monitoring, threat management and threat modelling.
- Knowledge of MITRE or similar frameworks and procedures used by adversaries.
- Advanced knowledge of malware operation and indicators.
- Good understanding of ITIL processes, including Incident Management, Change Management, and Problem Management.
- Advanced knowledge of networking fundamentals (OSI layers, TCP/IP, protocols, and services).
- Sound knowledge of Information Security policies, procedures, standards, best practices, and guidelines.
- Involvement in threat intelligence and cybersecurity communities.
- Deep understanding of the Cyber Kill Chain and other applicable analytic models.
- Optionally, experience in at least one of the following: Python, PowerShell, VBScript.
Other skills
- Knowledge and understanding of project management methodologies, processes, and tools.
- Strong analytical skills and ability to solve complex technical problems with high attention to detail and accuracy.
- Strong team player and ability to work in a challenging and constantly changing environment.
- Ability to multitask and work independently with minimal direction and maximum accountability.
- Proficiency in verbal and written communication skills.
- Proficiency in time management and presentation skills.
- Proficiency in decision-making and problem-solving skills.
Education and Certification
- Bachelor's degree in computer information systems or a related field, or equivalent demonstrated experience and knowledge.
- Professional certification in information security, such as Security+, CCSE, CCSP, AZ-900/AZ-500, TICSA, MCSE, CISSP, etc., would be advantageous.