Jobs

Job Description:

• Lead the analysis and investigation of information security events (IDS/DLP/SIEM/etc.) in a 24X7 SOC environment to immediately detect, verify, and respond swiftly to cyber threats, and remove false positive.
• Serve as a technical point of escalation and provide mentoring for L1 Security Operations Center (SOC) analysts.
• Responsible for investigating incidents, analysing attack methods, researching new defense techniques and tools, developing security policy, and documenting procedures for SOC.
• Maintain baselines for secure configuration and operations
• Malware analysis and other attack analysis to extract indicators of compromise. Perform data security event correlation between various systems.
• Prepare reports, summaries, and other forms of communication that may be both internal and client facing.
• Maintain familiarity with industry trends and security best practices.
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.

Desired Candidate Profile:

• B.Tech / Bachelor’s Degree in Computer Science, Information Systems  and 3- 4 years’ work experience in a relevant role, i.e. SOC Analyst, Incident Response, Cybersecurity Threat Analyst
• Attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
• Excellent Oral and written communication skills
• Experience with event analysis leveraging below mentioned tools
  • LogRhythm
  • Sourcefire IPS/ IDS
  • Cisco AMP
  • Digital Guardian (DLP)
  • Cisco IronPort
  • Cloudflare
• Problem solving and troubleshooting skills with the ability to exercise mature judgment.

Job Description:

• Monitoring, analysing, and detecting security events and incidents
• Manage, tune, and optimise SIEM tool (LogRhythm), which includes evaluating existing rules, filters, events and use cases per the business requirement.
• Provide recommendation to client’s security team to optimise security controls such as IDS/IPS, endpoint security, vulnerability management, data loss prevention (DLP)
• Work with SOC manager for creating new operational guidelines, processes and procedures.
• Managing shifts / team in the 24X7 SOC Environment.
• Act as an first point of escalation for SOC team, and assist with handing out work assignments to the team members.
• Handling escalated security incidents/ issues. Responsible for deep dive analysis of escalated incidents, threat hunting & Malware analysis.
• Identify opportunities for continuous improvement in security operations
• Serve as primary operational contact with Client and Management in the absence of the manager.
• Ensure service level agreement are met and processes are followed.
• Guide and mentor L1 and L2. Lead analysts with investigation and mitigation of security threats and incidents.
• Develop and mentor staff by providing opportunity of growth through delegation, training and assignment of various projects.

 

Required Experience:

• More than 5 years of experience in the information security field.
• Well versed with Security operations, Intrusion detection and incident handling
• Security monitoring experience with one or more SIEM technologies – LogRhythm, Splunk
• Strong team player and ability to work in a challenging and constantly changing environment. Strong customer service focus with an understanding of client expectations.
• Knowledge of current and emerging technologies and processes used within a SOC to improve efficiency and effectiveness.
• Strong communication, writing and interpersonal skills. Strong leadership skills with the ability with the ability to prioritize and execute in a methodical and disciplined manner, as well as to set and manage expectations with stakeholders and team members.
• Proficiency with case management and ticketing systems.
• Experience in working for Dynamic SOC environments and numerous SOC tools listed below:
  • LogRhythm
  • Sourcefire IPS/ IDS
  • Cisco AMP
  • Digital Guardian
  • Cisco Ironport
  • Cloudflare
  • System Center Endpoint Protection
• Good Network Security knowledge, TCP/IP, Linux, Windows, etc.

Required Experience: 3 to 5 years Job Description:

• Expert in Python, with good knowledge of JavaScript (Node.js), Go and shell scripting (Bash or ZSH).

• Hands-on experience with serverless services on AWS, such as Lambda, DynamoDB, API Gateway, SNS, SQS, S3 and Fargate (ECS).

• Experience in containerizing software using Docker, with a good understanding of the internals of Docker images and containers. Experience with Docker Compose or Kubernetes is good to have.

• Experience with infrastructure-as-code, especially using the Serverless framework, SAM or CloudFormation templates. Knowledge of other infrastructure-as-code tools such as Terraform is good to have.

• Experience in designing the back-end architecture of distributed, event-driven systems. Good understanding of distributed system concepts such as load balancing, sharding, read-write replicas, caching, fan-out etc.

• Good knowledge of internet protocols and services such as HTTP, TLS, SSH, DNS, TCP, UDP etc.

• Some knowledge of security attacks such as XSS, CSRF, SQL injection, buffer overflow, denial of service etc. along with their defence techniques is good to have.

• Good understanding of software development best practices, such as following coding conventions (regarding formatting, naming etc.), unit and integration testing, software architecture (clean architecture, SOLID principles etc.), and code complexity and quality measurement.

• Experience in designing RESTful API schemas.

• Good understanding of at least one SQL database such as MySQL or PostgreSQL, and at least two NoSQL databases/data stores such as DynamoDB, Elasticsearch or MongoDB.

• Experience in setting up background and/or periodic tasks using job queues and message brokers like Celery, RQ, RabbitMQ etc. or using cloud services such as AWS CloudWatch events.

• Experience in deploying web applications (either server-based or serverless) to various cloud platforms such as AWS/GCP/Azure/DigitalOcean/Heroku etc.

• Experience in setting up CI/CD pipelines for both front-end and back-end applications, using services like GitHub Actions, AWS CodePipeline, CircleCI etc.

• Good knowledge of HTML5 and CSS3 concepts (such as flexbox, canvas, CSS grid etc.) with experience in working with UI libraries like Bootstrap 4+, Semantic UI, Materialize or Material Components for Web.

• Experience in any component-based front-end library such as Vue.js (recommended), React, Angular or Svelte. Experience in Nuxt.js or Next.js is good to have.

EthicalHat has an immediate job opportunity for an experienced Security Operations Center Manager with a strong background in security. This position has high visibility and is directly accountable for the effective and efficient management of the Security Operations Center (SOC). The SOC Manager will manage day-to-day activities in the Global Security Operations Center and oversee, monitor, and guide the daily job performance of SOC team. Desired Candidate Profile:

• 4+ Years experience of handling SOC.
• 10+ years experience of Security Operations management, incident response, SOC
• Good experience of SIEM concepts and hands on experience on tolls such as LogRhythm, Sourcefire, Cisco AMP.
• Expertise and experience in security operational services: unified threat management, anti-virus, SIEM, DDOS / DOS, threat and vulnerability management, cyber investigations, and cyber security forensic investigations.
• Advanced knowledge of best practice standards and procedures regarding information systems applications security, data security, and infrastructure security.
• Strong time management and leadership skills.
• Must have excellent writing and communication skills.
• Strong knowledge of networking and security fundamentals.
• Ability to prioritise and drive to results with a high emphasis on quality.