Required Skills and Knowledge
• Skilled in using incident handling methodologies.• Skilled in collecting data from a variety of cyber defence resources.• Skilled in recognizing and categorizing types of vulnerabilities and associated attacks.• Experience detecting host and network-based intrusions using intrusion detection technologies.• Experience to interpret the information collected by network tools (e.g., nslookup, Ping, and Traceroute).• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, MITRE etc.• Experience in threat management and threat intelligence• Knowledge of applications, databases, middleware, Authentication, authorization, and access control methods.• Key concepts in security management (e.g., Release Management, Patch Management), • Operating system command-line tools like PowerShell, Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump), Network tools (e.g., ping, traceroute, nslookup), Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools, Windows/Unix ports and services. • Working knowledge and experience with MS office with proficiency in ExcelRoles and Responsibilities:• Lead and manage Security Operations Centre in an MSSP environment• Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives• Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges• Responsible for team resources, overall use of resources and initiation of corrective action where required for Security Operations Center• Creation of weekly, monthly, quarterly reports, dashboards, metrics for SOC operations and presentation to client and Sr. Mgmt.• Interface both internal & external audits of the Security Operations Center (SOC)• Ensure incidents and investigations are thoroughly documented for the purposes of facilitating record keeping, process improvement, lessons learned, trend analysis, and senior leadership reporting• Conduct regular review with customer stakeholders, build and maintain positive working relationships with them• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Isolate and remove malware.• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).• Provide daily summary reports of network events and activity relevant to cyber defense practices.• Receive and analyse network alerts from various sources and determine possible causes of such alerts.• Notify designated managers, cyber incident responders and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan.• Analyse and report system security posture trends.• Assess adequate access controls based on principles of least privilege and need-to-know. Work with stakeholders to resolve computer security incidents and vulnerability compliance.• Creating SIEM correlation rules, custom reports, integrating threat intelligence feeds• Administer, manage, configure, maintain, and support Security devices like Firewall, IDS/IPS, Proxies, Mail Gateways etc.• Onboarding new customers in Build and Run and Build and Handover modelCandidate profileExperience/ Qualifications:
• Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field. • Good oral and written communication skills to collaborate with the team. • Minimum 8+ years of Security engineering or Security Operations• Understanding of how operating systems work and how exploitation works for different Operation Systems and applications.• Understanding of network traffic and be able to analyse network traffic introduced by the malware.• Thorough understanding of Windows and Linux Internals• Knowledge of common hacking tools and techniques• Experience in understanding and analysing various log formats from various sources.• Experience in analysing reports generated of SOAR/SEM tools e.g. ArcSight, Elastic SIEM etc.Security Certifications desirable
• Certified Incident Handler (GCIH)• Certified SOC Analyst• Certified Ethical hacker (CEH) • CISSP/CISM
