Job
Description
Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to support on project work as and when required. What you'll be doing Key Responsibilities: Min 4+ Years exp in Soc along with SIEM (Splunk). Min 2 years Hands on exp in Splunk. Configure and maintain the SIEM system, ensuring that it's properly set up to collect and analyze security event data. Develop, customize, and manage security rules within the SIEM to detect and respond to security threats. Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts. Oversee the collection, normalization, and storage of log data from various sources. Develop and document incident response procedures, and lead or assist in incident response efforts when security incidents occur. Analyze and investigate security events from various sources. Manage security incidents through all incident response phases to closure. Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis. Update tickets, write incident reports, and document actions to reduce false positives. Develop knowledge of attack types and finetune detective capabilities. Identify log sources and examine system logs to reconstruct event histories using forensic techniques. Align SIEM rules and alerts with the LICs security policies and compliance requirements. Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging. Maintain and support the operational integrity of SOC toolsets. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness. Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans. Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner. Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively. Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits. Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive. Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelor's degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). Active CEH certification is Must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties. Workplace type : On-site Working
