Security Operations Center Lead

4 - 8 years

8 - 15 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode: Work from Office

Job Type: Full Time

Job Description

  • Analyze incidents escalated by L1 to identify potential security violations, categorize them and initiate response actions.
  • Manage incident response activities through to closure of the incident.
  • Triage and perform root cause analysis for security incidents.
  • Recognize anomalies in network data and logs pushed into the SIEM solution and initiate appropriate response actions.
  • Serve as shift leader and point of escalation for level 1 analysts.
  • Ensure all unresolvable cases are passed to the correct team for action as appropriate.
  • Continuously evaluate defined response playbooks and improve them for quicker detection and more efficient response to security threats.
  • Provide recommendations to the SIEM administrator / use case engineer to define new, relevant use cases and to update existing use cases as applicable.
  • Continuously monitor threat alert channels and proactively create new alert mechanisms so that the customer environment is monitored for evolving threats.
  • Responsible for delegating sweeps for IOCs / IOAs in the client environment.
  • Perform in-depth triage and threat hunting (including hypothesis-based hunting).
  • Escalate true-positive and critical incidents to account leads wherever necessary.
  • Ensure all analyst responsibilities listed above, including but not limited to the open incident tracker, shift handover reports and other trackers, are updated and shared at the end of each shift.
  • Ensure analysts are available to monitor all customers during each shift, assign analysts to specific customers before the start of the shift, balance workload according to the requirements and alert flow of different accounts, and escalate if any deviations are observed.
  • Ensure customer-referred emails / tickets are acknowledged and responded to during the shift.
  • Capture all knowledge gained during the shift appropriately and communicate it to the next shift's analysts during the allocated handover time.
  • Support the triage and analysis of potential alerts, prepare use cases, provide inputs, and prepare SOPs and process documents.
  • Prepare / review / approve vulnerability advisories for technologies used in the client environment and share them with relevant stakeholders.
  • Provide knowledge transfer and train new joiners and L1 analysts.

Who are we looking for?

  • We are looking for someone who has completed one of the listed degrees (B.E. / B.Tech / MCA) with 4 to 8 years of experience matching the following skill set:
  • Practical working experience in SOC monitoring for at least one year in a large enterprise or in an MSSP environment.
  • Exposure to multiple clients is an added advantage.
  • Strong ability to explain the architecture of various security products such as firewalls, IPS, DLP, email security and SIEM.
  • Experience working on IBM QRadar, Microsoft Sentinel or Micro Focus ArcSight SIEM solution(s).
  • Understanding of cyber security frameworks such as MITRE ATT&CK, NIST CSF and CIS Controls.
  • Exposure as a shift lead assisting L1 analysts.
  • Proven experience in Windows security.
  • Good with scripting languages, both to automate tasks and to create connectors / parsers for log sources.
  • In-depth knowledge of Windows security.

Larsen & Toubro (L&T)

Engineering and Construction

Mumbai
