Soc Engineer

10 - 16 years

25.0 - 35.0 Lacs P.A.

Bengaluru

Posted: 3 weeks ago | Platform: Naukri


Skills Required

- Deep Analysis
- Investigation
- Splunk
- Networking
- Log source Integration
- Troubleshooting
- Firewall

Work Mode

Hybrid

Job Type

Full Time

Job Description

Role & responsibilities

- Configure and administer the SIEM (Security Information and Event Management) tool.
- Administer email gateway technologies.
- Analyze proxy logs and leverage them for investigation.
- Manage the endpoint detection and response platform and its policies.
- Analyze and assess security incidents and escalate to the appropriate internal teams for additional assistance.
- Investigate incidents, analyze attack methods, research new defense techniques and tools, develop security policy, and document procedures for the SOC.
- Perform malware analysis and other attack analysis to extract indicators of compromise.
- Perform security event correlation between various systems.
- Prepare reports, summaries, and other forms of communication, both internal and client facing.
- Periodically upgrade and create correlation rules based on emerging threats and requirements, following MITRE ATT&CK, US-CERT and other TTP sources.
- Lead information security analyst with 4+ years of experience in incident management, log analysis and troubleshooting of network and security related issues.
- Comprehensive management and technical experience in building and leading a large-scale SOC (Security Operations Center), including building a Security Operations Center and/or Incident Response Team from scratch.
- Implementation of, and building content in, technologies like SIEM, SOAR and cloud security solutions.
- Building security metrics that help customers/management understand the effectiveness and gaps in incident management and the overall cyber security posture.
- Working with customers on requirement gathering, on-boarding, technical discussions and report walk-throughs.
- Working alongside teams like Compliance and VAPT; exposure to related areas of cybersecurity including host security, network security, IAM, vulnerability management, penetration testing, compliance etc.
- Develop security scope, KPIs, policies and procedures for various SOC activities.
- Define workflows for the day-to-day operations of the SOC; ensure timeline, scope, quality and resources are managed in line with committed deliverables.
- Develop playbooks for analysis and incident remediation.
- Participate in security design discussions with various teams (technical and management) and advise on how the SOC can be used effectively.
- Install, update and upgrade the SIEM solution.

Preferred candidate profile

- 8+ years working in a Security Operations Centre.
- Bachelor's degree in engineering or higher preferred.
- Excellent knowledge of intrusion detection (deep TCP/IP knowledge and cyber security), various operating systems (Windows/UNIX), and web technologies (focusing on Internet security).
- Ability to read and understand packet-level data.
- Intrusion detection and prevention and network security products (IDS/IPS, firewalls, etc.).
- Host security products (HIPS, AV, scanners, etc.).
- Significant experience with and expertise in creating event correlation logic and rules.
- Significant experience and expertise in using security information and event management platforms (SIEM) for searching and correlating events.
