SOC Admin L1

Primary KRA of the role

• Monitor SIEM alerts and conduct SOP based triaging
• Preparation of reports dashboards
• Work as primary of interface for customer stakeholders

Job Description

• Eye on Glass Monitoring on SIEM console
• Triaging of alerts based on available SOPs
• Escalate non-SOP alerts to Security Analysts after initial analysis
• Create new dashboards and monitoring channels for active monitoring of threats. Periodic reporting and dashboarding as per defined frequency
• Work with customer CFTs (Nw Security, EP security) for blocking IOCs
• Monitor SLA and tracking of same to ensure that targets are met and escalating tickets approaching SLA breach levels
• Follow up, Escalation of tickets.
• Work on rotational shifts (24 X 7) as per roster which may include public holidays and weekends
• Coordination and communication during major incident response

Mandatory Technology Knowledge

• Network Security DNS, DHCP, Proxy, routers, switches, LAN and End point security TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP etc.
• Prior experience of security incident management and vulnerability management processes
• Proficiency in MS Excel ( for reporting )
• Good communication and written skills
• LogRhythm(preferred) or any industry leading SIEM

Qualification

• Education Qualification Any Graduation/Intermediate/ Diploma with minimum 60%.
• 2 to 4 years of experience out of which last 1 years should be in SOC operations as L1 SOC Engineer. LR experience will be preferred

Mandatory Experience

• SIEM alert monitoring and Incident Management
• Threat Intelligence Brand monitoring, Deep and Dark Web Monitoring
• Should have actively supported Cyberdrills and regulatory audits