Posted: 1 day ago
Work from Office
Full Time
• Use Case Development: Knowledge of organizational risks and threats to design relevant and effective detection rules.
• Log Sources: Understanding log formats, sources, and parsing for accurate data utilization in use cases.
• SIEM and Analytics Tools: Familiarity with platforms like Securonix, Sentinel, or Splunk to implement and monitor use cases.
• Alert Logic: Ability to define thresholds, logic, and conditions to reduce false positives and improve detection accuracy.
• Incident Response Needs: Awareness of incident response workflows to align use cases with actionable intelligence.
• Performance Metrics: Skills to create and optimize KPI/KRI reports to track detection and response performance.
• Fine-Tuning Methodology: Experience in analyzing alert data to refine use cases and adjust logic periodically.
Detect and respond to company-wide security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
• Incident response lead for high-impact cyber security incidents
• Triage events, escalations and incidents to determine remediation and resolution actions
• Coordinate appropriate response activities across teams or directly with stakeholders to rapidly remediate potential threats
• Develop playbooks to improve processes and information sharing across teams
• Initiative and project-related support to provide Security Operations and Incident Response perspective and subject matter expertise
• Contribute technical and process improvements within the team
• Participate in current operations and the on-call rotation, which includes some after-hours responsibilities and escalations.
Primary Skill: (Must Have)
• Experience in cyber threat incident response, vulnerability research, malware analysis and exploit investigation.
• Demonstrated experience in computer security related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, insider threat and web-focused security topics.
• Knowledgeable about modern security-related subjects and trends, for example Advanced Persistent Threat (APT), spear phishing, and credential compromise techniques
• Proven ability to drive large-scale, high-visibility projects with high collaboration and leadership
• Excellent judgment, decision-making skills, and the ability to work under pressure
• Excellent written and oral communication skills
• Excellent presentation skills and experience of presenting to senior management
• Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
• Develop and improve the existing EDR-specific use cases for enhanced detection.
• Analyze the TTPs of emerging threats and coordinate with the EDR team to develop use cases in the EDR.
• Closely coordinate with and provide continuous support to the CSIRT team in the event of a P1/P2 security incident.
• Conduct security incident tabletop simulations internally within the SOC to gauge the process and track improvements.
• Handle BEC emails targeted at VIP users within the organization
Onzestt Services