Lead Engineer - Security Operations Center (8-19 yrs)

Job Description :

The SOC Analyst -L3 will be part of existing Global SOC team and will be responsible for day-to-day security operations by responding to and investigating security events of interest and recommending or taking corrective action by working with IT and non-IT team members. They will also respond to security incident and investigation requests in line with established Security Incident Response processes and procedures, within defined service level targets.

This position requires shift work in a 24-7-365 environment.

SOC Responsibilities :

- Responsible for responding to security incidents identified by internal controls or external SOC partners

- Strictly adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.

- Proficient in Incident Response and automation workflows as it relates to Security Operations Detects, identifies, and responds to cyber events, and incidents in line with cyber security policies and procedures

- Should be capable to, independently and with minimal guidance from SOC Leadership, Lead and manage security event investigations, partnering with other departments as needed

- Coordinate and appropriately escalate as per protocols during incident response efforts, assists with classifying security events, direct and guide remediation, support documentation as needed

- Responsible for working as an Incident responder and align with Team in documenting the incident life cycle, conducting handoffs', escalation, and providing support during cyber incident investigations.

- Proficient in Threat Research and understands the latest malware trends, common attack TTPs, and the general threat landscape

- Provide reactive threat hunting to detect incidents, tune rules and thresholds to improve fidelity of alerts

- Train, mentor and motivate junior team members

Documentation and Reporting :

- Evaluate and update current SOC procedures and runbooks update as required or directed

- Providing daily handover / shift details

- Ensure timely delivery of Daily / Weekly / Monthly reporting as per requirements of Management

QUALIFICATIONS :

Education :

- Bachelor's degree in Computer Science, Information Technology, Business or equivalent discipline

- Professional Certifications like CEH, CCSE, CCNA, Security+, etc.

- SIEM certification or Security technology related certification is a plus.

- At least 5 years of experience in Enterprise Cybersecurity or with a reputed Services / consulting firm offering Security Consulting, Implementation and Managed Security services

- More than 3 year of technical experience in Security Operations Center (SOC) and Information Security required

- Experience with one or more Security Information and Event Management (SIEM) solutions

General Requirements :

- Candidate should be willing to work in 24-7-365 shifts

- Candidate should be able to work from Office located in Mumbai

- Experience with one or more Security Information and Event Management (SIEM) solutions

- Understanding of common Attack methods and their SIEM signatures

- Experience in security monitoring, Incident Response (IR) and security remediation

- Strong knowledge and experience in Security Event Analysis capability

- Understanding of network protocols (TCP/IP stack, SSL/TLS, IPSEC, SMTP/IMAP, FTP, HTTP etc.)

- Understanding of Operating System, Web Server, database, and Security devices (firewall/NIDS/NIPS) logs and log formats

- Strong analytical and problem-solving skills

- High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity

- Ability to interact effectively at all levels with sensitivity to cultural diversity

- Ability to adapt as the external environment and organization evolves

- Passionate about Cybersecurity domain and has the inclination to learn current technologies / concepts / improvements

- Knowledge of cyber security frameworks and attack methodologies

- Experience working with EDRs, Proxies, and anti-virus

- Knowledge of intrusion detection methodologies and techniques for detecting host- and network based intrusions via intrusion detection technologies

- Excellent verbal and written English communication skills