T&T:Cyber:D&R:SIEM:AM

• 3-5 years of experience in 24x7 (rotating shifts) monitoring at a Security Operations centre
• Hands-on experience in security tools such as IBM QRadar, FireEye Anti-APT solution
• Review and triage information security alerts worked by L1, provide analysis, determine and track remediation, and escalate as appropriate
• Desirable to have experience of SOC Monitoring and tirage using SOAR Knowledge on XDR can be an added advantage.
• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Reviews the most recent SIEM alerts to see their relevance and urgency. Carries out triage to ensure that a genuine security incident is occurring. Oversees and configures security monitoring tools Inform L3 team of proactive and reactive actions to minimize false positives
• Maintain, manage, improve and update security incident process and protocol documentation (Run Book)

Strong understanding of Windows event log analysis

• Acts as Security Incident Handler for high-impact cyber security incidents and advanced attacks in accordance with Cyber Kill Chain methodology and incident response process.
• Conducts malware analysis and identification of Indicators of Compromise (IOCs) to evaluate incident scope and associated impact.
• Enhances workflow and processes driving incident response and mitigation efforts Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge
• Demonstrate proficiency in the Incident Response Process as well as the performance of threat hunting and SOC operations.
• Log analysis across disparate log sources, prioritize and differentiate between potential intrusion attempts and false alarms
• Sound understanding of different attack frameworks like Kill Chain & MITRE & ability to utilize them for incident response & reporting.