Lead Security Engineer- Cyber Defense

Posted: 4 days ago | Platform: LinkedIn
Work Mode

On-site

Job Type

Full Time

Job Description

Role:

  1. Responsible for the security monitoring and log analysis of multi-vendor security solutions.
  2. Continuously assess and recommend the implementation of cutting-edge technologies relevant to cyber defense models to meet our customers' evolving needs.
  3. Analyze security alerts to identify potential incidents, such as malware infections, unauthorized access, or data breaches.
  4. Formulate and implement monitoring policies, procedures and standards relating to SecOps and the security domains (network security, data security, cloud security, zero trust, etc.).
  5. Automate response to security incidents (malware infections, unauthorized access, malicious emails, DDoS attacks, etc.), and evaluate the type, nature and severity of security events (security assurance/security compliance) using a range of security event analysis tools.
  6. Threat hunting: analyze security system logs, security tools, and available data sources on a day-to-day basis.
  7. Enhance SOC service capabilities and offerings across key security domains and solution areas.
  8. Malware reverse engineering, including code or behavior analysis for endpoints and the network.
  9. Data security controls, including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions.
  10. Advanced problem-solving skills and the ability to develop effective long-term solutions to complex problems.
  11. Knowledge and implementation of MITRE ATT&CK to map use cases across the initial points of exposure, alert mapping, and incident reporting.
  12. Evaluate the internal and external environment for threats and changes related to information security, and act as the information security subject matter expert to ensure these are properly addressed and controlled.


Skills:

  1. Intermediate knowledge of security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, and intrusion detection; ability to develop and implement custom detection rules and use cases to identify and respond to potential security threats.
  2. Ability to investigate compromised systems, analyze malware, and collect intrusion artifacts (e.g., source code, trojans) to determine the scope and origin of an attack. Familiarity with forensic tools such as Forensic Toolkit (FTK), Wireshark, or Elastic Stack is critical.
  3. Conduct detailed forensic analyses to identify the root cause, scope, and impact of security incidents, including malware analysis and artifact collection.
  4. Develop and implement incident response plans, playbooks, and procedures to ensure effective threat containment, eradication, and recovery.
  5. Document incidents thoroughly and prepare actionable reports for technical and non-technical stakeholders, including management and, if necessary, law enforcement.
  6. Collaborate with threat intelligence teams to enhance threat detection capabilities.
  7. Solid experience in incident response and data protection incidents.
  8. Analyze cloud platform logs (CloudTrail, audit logs, etc.) to identify patterns and anomalies indicative of security threats or unauthorized access.
  9. Develop, implement and maintain detection rules based on cloud platform logs to identify specific activities and events within the cloud environment.
  10. Create and optimize alerts and notifications for security incidents identified through log analysis.
  11. Perform adversary emulation activities to identify detection gaps in the environment.
  12. Knowledge of threat intelligence sources and indicators of compromise (IOCs).
  13. Understanding of DevOps and CI/CD pipelines in cloud environments.
  14. Collaborate with security teams to refine detection rules based on the latest threat intelligence, and work closely with teams to discover new detection capabilities.
  15. Integrate cloud platform log data with SIEM systems for centralized monitoring and correlation with other security events.
  16. Familiarity with field extractions and regex, and knowledge of SIEM infrastructure issues, will be an added advantage.
  17. Document detection rules, processes, and methodologies for cloud platform log analysis.
