SO

Skillset

1) Review the SOC architecture, design, Integration, dataflow, use cases etc.

2) Manage the SOC service provider and ensure SOC function is aligned with business objectives

3) Incident analysis and quality validation on triage by L1/L2 resources for both SOC and VA PT activities

4) Provide inputs to Content Management Team for enhancements of Use Cases and incident lifecycle

5) Document play books for threat scenarios and ensure they are followed for relevant offences & incident management

6) Enable SOC to comply with regulatory & internal audit requirements and work on all audit observations and ensure timely closure of the same

7) Regularly review all SOC SOPs and update the same

8) Review and validation of incident closed by L1/L2 team due to inaccurate/insufficient information

9) Provide direction on Rules & Use cases creation, fine-tuning and management for all modules of SOC solutions

10) Manage end-to-end life cycle of use cases deployment in SIEM solution

11) Coordinate with concern teams for onboarding of right set of log sources

12) Ensure right set of effective rules are configured to detect threat, including but not limited to, cyber kill chain, detect OWASP top 10, SANS top 20, any unauthorized movement or access from outside to inside, inside to outside and within network (lateral movement), any attempt of executing unauthorized PowerShell execution, DNS tunneling, data exfiltration, attempt of privilege escalation, use of known rootkits etc.

13) Define and review the SOC KPIs and provide management reports

14) Incident management by leading the Forensics investigation of critical incidents

15) Provide technical input to other teams and Top Management on SOC and Information Security related requirements.