Posted: 14 hours ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

Summary:

  • Monitor, analyse, and investigate security events using Splunk and other SIEM platforms.
  • Respond to and remediate security incidents using established playbooks and best practices.
  • Leverage EDR tools to detect and contain endpoint threats effectively.
  • Conduct root cause analysis to identify and mitigate risks.

Splunk & SIEM Management:

  • Configure, manage, and optimize Splunk dashboards, alerts, and log ingestion pipelines.
  • Develop custom queries and detection rules to enhance monitoring capabilities.
  • Generate actionable insights and reports from Splunk and SIEM systems for stakeholders.

Vulnerability Management:

  • Perform vulnerability assessments using tools like Nessus, Qualys, or Tenable.
  • Analyse and prioritize vulnerabilities based on risk and business impact.
  • Coordinate with IT teams to ensure timely remediation of vulnerabilities and misconfigurations.
  • Track and report on vulnerability trends and patch compliance.

Automation & Scripting:

  • Develop and maintain automation scripts using Python and PowerShell to streamline SOC processes.
  • Automate repetitive tasks such as log parsing, threat detection, and vulnerability remediation.
  • Integrate SIEM, EDR, and vulnerability management tools with orchestration platforms for end-to-end automation.

Threat Detection & Analysis:

  • Proactively hunt for threats and analyse indicators of compromise (IOCs) and attacker techniques.
  • Utilize threat intelligence to improve detection capabilities and inform incident response.
  • Design and implement custom detection rules based on threat scenarios.

Reporting & Collaboration:

  • Prepare detailed incident reports, vulnerability assessments, and remediation plans.
  • Collaborate with IT and security teams to improve the organization's security posture.
  • Provide insights and recommendations for enhancing security operations.

Qualifications & Skills:

Education:

  • Bachelor's Degree in Engineering/Technology (B.E., B.Tech) or related fields.
  • Master's Degree (M.Tech, M.Sc., or equivalent) in Cybersecurity, Computer Science, or IT (preferred).
  • UG/PG in a relevant discipline will also be considered.

Technical Skills:

  • Hands-on experience with Splunk and other SIEM platforms.
  • Proficiency in EDR solutions like CrowdStrike, Carbon Black, or Microsoft Defender.
  • Strong understanding of vulnerability management processes and tools.
  • Proficient in scripting languages: Python, PowerShell (automation experience is mandatory).
  • Familiarity with threat intelligence platforms, detection engineering, and MITRE ATT&CK framework.
  • Experience with log analysis, alert management, and incident triage.
