Posted: 1 day ago
On-site
Full Time
JD:

Requirements:
- Minimum of 7 years of experience in cyber security.
- Proficient in incident management and response, including handling escalations.
- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management and incident management.
- Responsible for working in a 24x7 Security Operations Center (SOC) environment with SIEM technologies and security event alert analysis.
- Provide analysis and trending of security log data from a large number of heterogeneous security devices.
- Provide threat and vulnerability analysis as well as security advisory services.
- Investigate, document and report on information security issues and emerging trends.
- Guide and share information with other analysts and other teams.
- Other tasks and responsibilities as assigned.
- Knowledge of various operating system flavours, including but not limited to Windows, Linux and Unix.
- Good understanding of malware analysis and phishing analysis.
- Good understanding of email security.
- Knowledge of TCP/IP protocols, network analysis, and network/security applications; knowledge of common Internet protocols and applications.
- Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.
- Knowledge of tools such as SIEM, XDR, SSL, packet analysis, HIPS/NIPS, network monitoring tools, the ServiceNow ticketing toolset, web security, AV, UEBA and Advanced SOC.
- Willingness to work overtime and adjust to reasonable demands from management when critical incidents are escalated to L3 for immediate handling.
- Must have an understanding of cybersecurity incident discovery and event management, network forensics, IPS/IDS, firewalls, content filtering technology, DLP, configuration management and monitoring, endpoint protection, database security, and log collection and analysis.
- Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory, etc.).
- Experience and keen understanding of cybersecurity tools, including SIEM, IDS/IPS, antivirus and endpoint detection and response (EDR) solutions.
- Experience leading security incident response.
- Involvement in threat intelligence and cybersecurity communities.
- Able to multitask and give equal and/or required attention to a variety of functions while under pressure.
- Ability to work independently and take ownership of projects and initiatives.
- Excellent written and verbal communication skills required; must be able to communicate technical details clearly, in writing and verbally, to junior IT personnel and management.
- Experience developing and maintaining playbooks/runbooks and/or Standard Operating Procedures in a SOC environment.
- Strong troubleshooting, reasoning, and analytical problem-solving skills.
- Team player with the ability to work autonomously.

Responsibilities:
- Correlate security events received from the L2 SOC, Incident Response staff or other relevant sources to determine increased risk to the business.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information.
- Develop and execute SOC procedures.
- Triage security events and incidents, detect anomalies, and report or direct remediation actions.
- Ensure confidentiality and protection of sensitive data.
- Analyze phishing emails reported by internal end users.
- Work with remediation (IT Infra & Ops) teams on event and incident mitigation, and follow up on remediation activities.
HCLTech
Noida, Uttar Pradesh, India
Salary: Not disclosed