JLR-Global SOC- Cyber Threat intelligence Lead

Key responsibility:

• Threat Intelligence Lead detects, reports and proposes measures to mitigate cyber threats

  .

• Threat intelligence lead is responsible for implementing threat intelligence platform
• Responsible to collect data and information about different sources, both open and private
• Responsible to investigate specific cyber threats and assess potential threats
• Conduct malware analysis and provide indicators for defensive measures
• Responsible for Deploying and configuring Phishing
• 5 -7 years of experience in IT/IT Security
• 5 years of experience in operating SIEM product Knowledge of DDoS techniques and mitigation mechanism.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Excellent knowledge of LAN/WAN technologies
• Strong understanding of cloud technologies and related security best practices.
• Experience handling security incidents in cloud infrastructure.
• Must have a solid understanding of information technology and information security.
• Relevant Security related certifications a plus: GCIA, GCIH, GCED, GCFA, GREM, OCSP
• Ensuring threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
• Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
• Act as focal point for any investigations involving security; to prepare reports and note follow up action.
• Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date
• Coordinate with IT teams on escalations, tracking, performance issues, and outages

Key Skills/Knowledge

• Must have an in-depth understanding of the concepts and threat forces
• Good working knowledge of advanced threat analysis technology in subjects such as computer science, and other is an added advantage
• Strong Knowledge of: Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)
• Knowledgeable in SOC advancements such as EDR, SOAR and malware analysis
• Thorough knowledge of SIEM technologies, like Google chronicle, Splunk ES or Qradar, patching and version upgrades
• In-depth familiarity with security policies based on industry standards and best practices

Experience required

• Experience in Malware analysis, implementation of any threat intel platform
• Solid experience in identifying potential threats and analysing the security alert
• Proven experience in threat modelling
• Demonstrated experience in handling cyber security incidents in enterprise-level incident response team or security operations center.
• Strong working knowledge of security tools such as SIEM, Anti-Virus, Web Application Firewall, Intrusion Detection System/ Intrusion Prevention System NetFlow, Network Packet Analyzer and Endpoint Detection & Response tools.
• Proven subject matter expertise in relevant areas, such as Threat intelligence, malware analysis or security engineering.
• Solid understanding of TCP/IP and inter-networking technology including packet analysis, routing and switching.
• Strong technical knowledge of operating systems, network services and applications.
• A keen understanding of security logging components and capabilities of operating system and application.
• Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executive