Technical Support Engineer

Job Description

EXPERIENCE: 5 – 8 Years RESPONSIBILITIES (INCLUDES TASKS AND AUTHORITIES): Key Responsibilities Detect, identify, and promptly alert on potential attacks, intrusions, anomalous activities, and misuse, distinguishing them from benign events. Conduct research, analysis, and correlation across diverse data sets to identify indications and warnings of threats. Analyze network alerts from multiple sources and determine their root causes and potential impact. Provide daily summary reports of relevant network and security events. Notify and coordinate with managers and incident responders, clearly articulating event history, status, and potential business impact as per the incident response plan. Analyze and report on system security posture trends. Assess access controls based on the principles of least privilege and need-to-know. Perform vulnerability management, including scanning, analysis, and follow-up on critical vulnerabilities. Lead and participate in incident response activities, including root cause analysis and remediation recommendations. Develop, review, and maintain SIEM correlation rules and incident response playbooks. Provide mentorship and guidance to L1 SOC analysts, reviewing and escalating tickets as needed. Stay current with emerging threats, vulnerabilities, and regulatory security requirements. Required Skills & Experience 2–4 years of experience in a SOC environment, with at least 1 year in a Level 2 (L2) role Proficiency in Splunk SIEM: log analysis, rule creation, dashboarding, and incident investigation1 Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms. Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies Ability to perform packet-level analysis using tools such as Wireshark or tcpdump Experience in malware analysis, digital forensics, and threat intelligence platforms1 Familiarity with authentication, authorization, and access control methods. Strong understanding of incident response and handling methodologies. Experience interpreting data from network tools (e.g., nslookup, ping, traceroute). Knowledge of Windows/Unix ports, services, and operating system command-line tools. Understanding of key security management concepts (e.g., patch management, release management). Excellent analytical, problem-solving, and communication skills Experience in documenting and reporting security incidents and trends. CERTIFICATIONS(Any three): Relevant certifications such as SPLUNK, Certified SOC Analyst (CSA) , CompTIA Security+: TECHNICAL SKILLS /COMPETENCIES: MANDATORY Experience with SIEM (e.g. Splunk, XDR) SIEM tools (e.g., Splunk, QRadar) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Firewall and VPN technologies Threat intelligence platforms & Endpoint detection and response tools Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms. Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologiesa Show more Show less