Resillion - Lead Security Engineer - Security Operations Center (9-14 yrs)

Company Description :

Help us to achieve our goal to be the global leader in total quality services. With your help we will achieve this by delivering Total Quality 360, a comprehensive suite of cutting-edge services which combine quality engineering, cyber security, conformance & interoperability and content quality to deliver end-to-end total quality solutions.

Here at Resillion, our culture is based on an 'if you see something, say something' attitude where we take responsibility. It's one where we expect to adapt and embrace change as the company grows.

It's based on recognising the individual worth of every one of our employees and developing their skills to keep us all at the forefront of our industry. Above all, it's a culture where we're passionate about what we do, and we're committed to the greater good of the company.

If you would like to be part of our journey, then this role may be the one for you.

Job Description :

Title : Lead SIEM Engineer/ SOC Engineering Lead.

Experience Range : 9-14 Years.

Location : Bangalore.

About You :

- The successful candidate will be a passionate information security professional with the ability to communicate to different business and IT leaders.

- The candidate will demonstrate drive, intelligence, maturity, and energy and will have a proven dedicated desire and attitude towards Information security related topics.

- The ideal candidate thrives in a fast-paced environment, with a strong preference for technical, hands-on work.

- They should also possess a keen aptitude for mentoring and coordinating the efforts of other engineers, enhancing team performance and cohesion.

- The candidate will exhibit a customer-focused mindset, employing a consultative approach to understand and meet client needs effectively, thereby ensuring superior service and support in all interactions.

Key responsibilities :

- Provide leadership and supervision to the SOC Engineering team ensuring tasks and projects are organised and completed to a high standard.

- Deploy and configure Microsoft Sentinel solutions for our customers, in support of enabling our Managed SOC services.

- Interact with customers and technical service leads to understand their business challenges and desired outcomes.

- Develop technical solutions to automate repeatable tasks, including Sentinel Workbooks and Logic Apps.

- Research, design, and implement cyber security solutions including but not limited to the Microsoft Security stack.

- Drive the review and update of client supporting documentation such as cyber security policies, architectures, standards, and playbooks.

- Conduct ongoing research around the threat landscape, including threat actors, TTPs and develop analytical rules, IR actions, investigation strategies and tooling.

- Support the SOC Team investigate and respond to client cyber security incidents taking an active role in incident response management.

- Ensure each customer's operational health is maintained and respond to all platform requests within agreed SLAs.

- Liaise with Account Managers across the business and assist with the presentation of SOC Monitor technology demonstrations to both current and prospective customers.

Required skills :

- Outstanding written and verbal communication skills in English, essential for effective collaboration and client engagement.

- Substantial experience in a customer-facing role, effectively communicating with diverse stakeholder groups.

- Demonstrated leadership in managing and guiding technical teams.

- Extensive experience within a Managed Security Service Provider (MSSP) environment.

- Advanced proficiency in SIEM, EDR, and EPP, with technical expertise in solutions including Microsoft Sentinel, Elastic, and CrowdStrike Falcon.

- Expertise in creating, tuning, and managing SIEM analytical rules to optimise threat detection and response capabilities, ensuring the efficacy and efficiency of security monitoring systems.

- A robust understanding of query and scripting languages such as KQL, Python, PowerShell, and RegEx, enhancing operational efficiency.

- Significant experience in leading responses to major security incidents.

- Comprehensive knowledge of Windows, Linux, and cloud technologies, particularly Microsoft Azure and Office 365.

- Proven ability in analysing complex data, making strategic recommendations, and presenting findings to client and management teams as part of continuous service improvement initiatives.

- Detailed understanding of attack vectors, skilled in distinguishing between normal and anomalous activities, and adept at recommending countermeasures and remediation strategies.

- Experience collaborating with penetration testers and Red Team members in conducting Purple Teaming events.

Qualifications :

- Degree in Computer Science, Information Security, or a related field - Must have.

- SC-200 Microsoft Security Operations Analyst - Must have.

- AZ-500 Microsoft Azure Security Technologies - Must have.

- SC-100 Microsoft Cybersecurity Architect - Highly desirable.

- CompTIA Security+ SY0-601 - Desirable.

- Certified Ethical Hacker (CEH) - Desirable.

- GIAC Security Essentials (GSEC) - Desirable.

- GIAC Certified Incident Handler (GCIH) - Desirable.