- Monitoring, analysing, and detecting security events and incidents
- Manage, tune, and optimise the SIEM tool (LogRhythm), including evaluating existing rules, filters, events and use cases against business requirements.
- Provide recommendations to the client's security team to optimise security controls such as IDS/IPS, endpoint security, vulnerability management and data loss prevention (DLP).
- Work with the SOC manager to create new operational guidelines, processes and procedures.
- Manage shifts and the team in the 24x7 SOC environment.
- Act as the first point of escalation for the SOC team, and assist with handing out work assignments to team members.
- Handle escalated security incidents and issues. Responsible for deep-dive analysis of escalated incidents, threat hunting and malware analysis.
- Identify opportunities for continuous improvement in security operations
- Serve as the primary operational contact with the client and management in the absence of the manager.
- Ensure service level agreements are met and processes are followed.
- Guide and mentor L1 and L2 analysts, and lead analysts in the investigation and mitigation of security threats and incidents.
- Develop and mentor staff by providing opportunities for growth through delegation, training and assignment of various projects.
- More than 5 years of experience in the information security field.
- Well versed in security operations, intrusion detection and incident handling.
- Security monitoring experience with one or more SIEM technologies (LogRhythm, Splunk).
- Strong team player and ability to work in a challenging and constantly changing environment. Strong customer service focus with an understanding of client expectations.
- Knowledge of current and emerging technologies and processes used within a SOC to improve efficiency and effectiveness.
- Strong communication, writing and interpersonal skills. Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner, as well as to set and manage expectations with stakeholders and team members.
- Proficiency with case management and ticketing systems.
- Experience working in dynamic SOC environments and with the SOC tools listed below:
  - Sourcefire IPS/IDS
  - Cisco AMP
  - Digital Guardian
  - Cisco IronPort
  - System Center Endpoint Protection
- Good network security knowledge: TCP/IP, Linux, Windows, etc.
Company: EthicalHat Cyber Security Pvt. Ltd.