SOC SIEM

2-7 years

Mumbai, Hyderabad / Secunderabad

7 vacancies

Deloitte

posted 21hr ago

Job Description

Consultant, 2-4 years - Mumbai


Job description


  • 24x7 (rotating shifts) monitoring of the SOC SIEM (IBM QRadar SIEM preferred).
  • Candidate should know how to leverage SOAR for SOC incident monitoring.
  • Triage, analyze and respond to SIEM incidents/events, and articulate the analysis with clear response guidance to other teams via tools such as ticketing systems and email.
  • Optimizes threat detection products: security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus, intrusion detection systems, firewalls, proxies, and other industry-standard security technologies.
  • Works closely with the Level 2 and Level 3 teams towards continuous improvement of the service.
  • Should have expertise in TCP/IP network traffic and event log analysis.
  • Strong perseverance to keep incident response actions focused and progressing.
  • Ability to communicate complex technical issues effectively (orally and in writing) to a diverse audience that includes technical, non-technical and executive-level staff.
  • Experience working in a Threat Intel or Threat Hunting team would be a bonus.

Deputy Manager 6-10 years - Mumbai


Job description


  • Minimum of 6-10 years of experience managing large Security Operations Center projects
  • Responsible for adherence to SLAs for all tickets and deliverables in the project
  • Advises on and tracks remediation of issues found during an incident or vulnerability investigation, as required to conclude a security investigation
  • Responsible for the validation and analysis of investigations done by L1/L2 within the Security Operations Center (SOC)
  • Good understanding of SOC concepts and of log review from various sources such as IBM QRadar SIEM, Palo Alto and SOAR
  • Responsible for completing the documentation of the investigation; determines the validity and priority of the activity; carries out Level 3 triage of incoming issues and escalates to L4 if needed
  • Creation and maintenance of SOPs and run books
  • Provides communication and escalation support to L1/L2 throughout the incident, per the SOC guidelines
  • Ensures that all security events and incidents (internal / external) are logged in ServiceNow, regularly updated, and closed within the set SLAs
  • Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP
  • Knowledgeable in the fundamentals of firewall, IDS/IPS, EPP/EDR, FIM, WAF, VPN, and other security protective/detective controls
  • Knowledge of email security threats and security controls, including experience analyzing email headers
  • Experience analyzing network traffic using tools such as Wireshark to investigate either security issues or complex operational issues
  • Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
  • Must be able to map security incidents to the MITRE ATT&CK framework or the cyber kill chain
  • Consulting experience in the creation of threat-based use cases will be an added advantage
  • Would play the role of shift lead for the L1/L2 teams

Consultant 2-5 years - Hyderabad


Job description


  • 3-5 years of experience in 24x7 (rotating shifts) monitoring at a Security Operations Centre
  • Hands-on experience in security tools such as IBM QRadar and the FireEye Anti-APT solution
  • Review and triage information security alerts worked by L1, provide analysis, determine and track remediation, and escalate as appropriate
  • Desirable to have experience of SOC monitoring and triage using SOAR
  • Knowledge of XDR can be an added advantage
  • Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
  • Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
  • Reviews the most recent SIEM alerts to assess their relevance and urgency; carries out triage to confirm that a genuine security incident is occurring; oversees and configures security monitoring tools
  • Informs the L3 team of proactive and reactive actions to minimize false positives
  • Maintains, manages, improves and updates security incident process and protocol documentation (Run Book)
  • Strong understanding of Windows event log analysis
  • Acts as Security Incident Handler for high-impact cyber security incidents and advanced attacks in accordance with the Cyber Kill Chain methodology and the incident response process
  • Conducts malware analysis and identification of Indicators of Compromise (IOCs) to evaluate incident scope and associated impact
  • Enhances workflows and processes driving incident response and mitigation efforts
  • Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and related common knowledge
  • Demonstrated proficiency in the incident response process as well as in threat hunting and SOC operations
  • Log analysis across disparate log sources; prioritizes and differentiates between potential intrusion attempts and false alarms
  • Sound understanding of different attack frameworks such as the Cyber Kill Chain and MITRE ATT&CK, and ability to utilize them for incident response and reporting

Assistant Manager, 4-6 years - Hyderabad


Job description


  • 3-6 years of experience in 24x7 (rotating shifts) monitoring at a Security Operations Centre
  • All other requirements are identical to those of the Consultant 2-5 years (Hyderabad) role above: hands-on IBM QRadar and FireEye Anti-APT experience, review and triage of L1-worked alerts, SOAR-based monitoring (XDR an advantage), TCP/IP network traffic and Windows event log analysis, SIEM alert review and false-positive reduction with the L3 team, run book maintenance, incident handling per the Cyber Kill Chain methodology and the incident response process, malware analysis and IOC identification, and mapping of incidents to the Cyber Kill Chain and MITRE ATT&CK for response and reporting
  • Must create bi-weekly / governance reports on SOC operations for Senior Management





Employment Type: Full Time, Permanent
