Cognizant is looking For Soc Engineer !!!

Role & responsibilities

Detailed Job Description

=============

• 24/7/365 analysis and response for Security Events.

• Provide security event monitoring, analysis, triage incident alerting, and reporting using
Security console / Monitoring tool.

• Fine-tune of false-positive alerts & update false positive knowledge database.

• Creating monitoring trends, baselines.

• Monitor Security Events from IDS/IPS, firewall, windows, Linux, etc.

• Working on Phishing/spam emails.

• Develop and maintain response playbooks with input from MSK Information Security
office.

• Conduct initial triage and pre-approved/determined remediation or escalation (as
appropriate) for various incident. types including denial of service, hacking, malware,
phishing, unauthorized access, etc.

• Identify gaps in existing monitoring/alerting and work with MSK Information Security
office to address the same.

• Develop additional alerts/correlations as needed to better respond to emerging threats.

• Implement automation as needed to help streamline response.

• Track and report on metrics for incident response activities.

• Manage, investigate and respond to alerts from SIEM environment.

• Assist in integrating new log sources in the SIEM tool.

• Assist in setting up additional SIEM alert rules and finetuning.

• Inform on monitoring and reporting leading practices and develop use cases on how to
use SIEM technologies.

• Identify security events and work with IT security and business groups, per the incident
management and escalation processes in ITSM tool.

• Perform System Health & Performance of SIEM solution.

• Monitoring of ServiceNow ticket queues and associated/MSK mailboxes.

• Weekly reports for adherence to established SLAs

• Configuration changes or minor upgrades through documented SOPs and mutually
agreed under L1 scope of work

• Representation in daily Ready for Business (RFB), Change Approval Board (CAB) and
Major Incident meetings"