SOC Analyst - Incident Management
Maimsd Technology
Posted 1 month ago
Role: SOC Analyst
Experience: 5+ years
Location: Bangalore (work from office)
Primary Responsibilities:
Incident Response and Investigation:
- Perform deep-dive incident analysis to determine root cause and impact.
- Conduct thorough investigations into security incidents, including malware analysis, network traffic analysis, and log analysis.
- Develop and implement effective incident response plans and procedures.
- Collaborate with other security teams to coordinate incident response activities.
Threat Hunting and Proactive Security:
- Actively hunt for threats and vulnerabilities within the organization's network and systems.
- Utilize threat intelligence and security analytics to identify and mitigate potential risks.
- Develop and implement advanced threat hunting techniques and tools.
SIEM Administration and Optimization:
- Administer and maintain SIEM solutions (e.g., Splunk, QRadar).
- Fine-tune SIEM rules and alerts to improve detection capabilities and reduce false positives.
- Perform SIEM upgrades, troubleshooting, and configuration changes.
- Develop custom searches, reports, and dashboards to enhance security monitoring and analysis.
Log Analysis and Correlation:
- Analyze logs from various sources (e.g., firewall, IDS/IPS, network devices, servers) to identify anomalies and security threats.
- Correlate log data to identify complex attack patterns and security incidents.
Security Tool Management:
- Manage and maintain security tools such as vulnerability scanners, intrusion detection systems, and endpoint security solutions.
- Configure and optimize security tools to maximize their effectiveness.
Automation and Scripting:
- Develop and implement automation scripts (Python, PowerShell, Bash) to streamline security tasks and improve efficiency.
- Automate routine security tasks, such as vulnerability scanning, patch management, and incident response.
Required Skills and Experience:
Technical Skills:
- Deep understanding of SIEM technologies (e.g., Splunk, QRadar)
- Strong knowledge of network protocols (TCP/IP, HTTP, DNS) and network traffic analysis
- Proficiency in scripting languages (Python, PowerShell, Bash)
- Experience with ELK Stack (Elasticsearch, Logstash, Kibana)
- Strong understanding of Windows, Linux, and network environments
- Experience with security tools (e.g., vulnerability scanners, IDS/IPS, endpoint security solutions)
- Knowledge of cloud security concepts and platforms (AWS, Azure, GCP)
Soft Skills:
- Strong analytical and problem-solving skills
- Excellent communication and interpersonal skills
- Ability to work independently and as part of a team
- Strong attention to detail
- Passion for cybersecurity and continuous learning
Desired Certifications:
- CISSP
- CISM
- CISA
- Security+
Employment Type: Full Time, Permanent