SOC Lead

We are looking for a SOC lead in the Cyber Security group, please refer the details below:

Location: Pune

Exp Range 8-12 Years

The Fiserv Cybersecurity Incident Response Team (CSIRT) is responsible for providing a systematic response to cyber security incidents. The mission is to promptly respond to security incidents to minimize their impact and to restore all services to normal operational state as soon as possible. Comprehend the main reasons that led to the security incident to avoid recurrence in the future. Analyze security incidents to estimate the frequency and impact of such events and measure the effectiveness of the existing countermeasures/controls​​​​​​​.

Key Functions involve ​​​​​​​Continuous monitoring to identify cybersecurity events that should be investigated; Prioritization and investigation of events and incidents; & Containment, eradication and recovery from cybersecurity incidents.

Role Description

Role: Incident Handler

Role Description:

• As a CSIRT Analyst, you will be an integral part of our Global Cybersecurity team, focusing on detecting, analyzing, and responding to security incidents and threats. You will work closely with a 24x7 Response team to ensure timely and effective incident response, as well as collaborate with various stakeholders across the organization to enhance our overall security posture.
• The right candidate will be responsible for responding to security incidents, building playbooks and workflows, and working with management to improve the overall corporate security posture.
• The candidate needs to have in depth knowledge of any of the industry wide used Security Information Event Management Tools (SIEM, IDS/IPS, EDR).
• Should have knowledge of Email Security Tools, various Operating Systems viz: Windows, Linux & Unix, Networking Protocols (TCP/IP, DNS, HTTP), Encryption and Cryptography, Web Security (OWASP Top 10), Cloud Security, Incident Response Frameworks (NIST SP 800-61, SANS), Programming and Scripting (Python, PowerShell, Bash), Malware Analysis, Vulnerability Management.
  

Incident Handler- CSIRT

What does a great Incident Handler do?

Great incident handler is professional with extensive experience and expertise in handling complex and critical security incidents. They serve as a part of an incident response team and are responsible for more challenging and escalated incidents that could have significant impacts on an organization's security.

What You will do:

• Incident Analysis: Conducting in-depth analysis of complex security incidents to understand the scope, impact, and root cause of the incident.
• Incident Response: Leading and coordinating the response efforts to contain and remediate the incident effectively.
• Forensics: Conducting digital forensics and detailed investigations to collect evidence and identify the source and extent of the breach.
• Malware Analysis: Analyzing sophisticated malware and understanding its behavior and capabilities to develop appropriate countermeasures.
• Vulnerability Research: Staying updated with the latest security vulnerabilities and emerging threats to improve the organization's defenses proactively.
• Threat Intelligence: Utilizing threat intelligence to identify and counter potential threats targeting the organization.
• Incident Documentation: Ensuring comprehensive and accurate documentation of incident response activities, findings, and lessons learned for future reference.
• Collaboration: Working closely with other teams, such as Tier 1 and Tier 2 incident handlers, IT teams, legal, and management, to address incidents effectively.

What You Will Need to Have:

• 3 to 5 years of professional Cybersecurity incident handling experience in a Security Monitoring Center or a Security Operating Center environment.
• Experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments.
• Detailed understanding of network architectures and services (routing, switching, web, DNS, email).
• Perl, Python and REST API scripting experience for automation of manual security event data review and analysis.
• Should have expertise on TCP/IP network traffic and event log analysis.
• Knowledge and hands-on experience with Chronical, QRadar, NetIQ Sentinel or any SIEM tool.
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management
• Bachelor or Masters of Science in Information Security, Computer Science, Risk Management, Information Technology, Engineering, Mathematics. Will consider equivalent relevant experience.

What Would Be Great to Have:

• Threat Hunting skills
• Reverse Malware analysis
• Harvesting Cyber Threat Intelligence