SOC Team Lead

SOC Lead to support threat monitoring, detection, event analysis, incident response/reporting, brand monitoring, forensics and threat hunting activities for its SOC, which is a 24/7 environment

must be able to rapidly respond to security incidents and should have at least 7 years of relevant experience in Cyber security incident response

cloud environments like AWS (Must)

Responsibilities

• Should be able to manage a SOC L1/L2 team
• Providing incident response/investigation and remediation support for escalated security alerts/incidents
• Work with various stakeholders for communicating and remediating the cyber incidents
• Use emerging threat intelligence IOCs, IOAs, etc.to identify affected systems and the scope of the attack and perform threat hunting, end user’s systems and AWS infrastructure
• Provides support for complex computer/network exploitation and defense techniques to include deterring, identifying and investigating computer, applications and network intrusions
• Provides technical support for forensics services to include evidence capture, computer forensic analysis and data recovery, in support of computer crime investigation.
• Should be able to safeguard and custody of audit trails in case of any security incident
• Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures and trends.
• Performs research into emerging threat sources and develops threat profiles. Keep updated on latest cyber security threats.
• Demonstrates strong evidence of analytical ability and attention to detail. Has a broad understanding of all stages of incident response.
• Performing comprehensive computer monitoring, identifying vulnerabilities, Target mapping and profiling.
• Has a sound understanding of SIEM (Splunk, Datadog, Arcsight etc), PIM/PAM, EDR, O365 security suite and other threat detection platforms and Incident Response tools.
• Should have knowledge of integrating security solutions to SIEM tool and crate the use cases as per the best practices and customized requirements
• Has knowledge on working on ITSM tools such as JIRA, Service NOW etc
• Has a logical, disciplined and analytical approach to problem solving
• Has knowledge of current threat landscape such as APTs
• Has basic knowledge of Data Loss Prevention monitoring
• Has basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.)
• Should be flexible to work in 24*7 environment