L3 SOC Analyst - SIEM (7-10 yrs)

Job Description :

Education :

- Undergraduate degree or equivalent experience

- Minimum 8 plus overall experience out of minimum 5 Yrs. of relevant experience in

- Information security domain.

- Proven expertise of Security Operations (L2/ L3) in Infrastructure Security Services

domains.

- Ability to resolve issues pertaining to security solutions implemented at client locations.

- Working experience on incident response, threat protections, SecOps, identity & Access

management & vulnerability management

Technical Skills :

SIEM Skills :

- Create, modify, and tune the SIEM rules to adjust the specifications of alerts and incidents.

- Knowledge Integrating various log sources like Windows, Linux, Pala alto firewall , AWS, Etc.

- To provide continual correlation rule tuning, incident classification and prioritization

recommendations.

- Report query adjustments, and various other SIEM configuration activities.

- Ability to fully optimize the SIEM system capabilities as well as the audit and logging

features of the event log sources.

- Work closely with the other teams related to Network, Device, Policy, connectivity issues

etc.

- Identify new opportunities/threats in the network to improve the security of the network

- Monitor and administer enterprise log correlation (SIEM)

- Select, design, implement and manage security measures to reduce the risk of loss

VM Skills

- Collecting, analyzing, interpreting, evaluating, and integrating vulnerability data from

multiple sources to update existing product

- Vulnerability/exploit research and creating signatures for the same

- Handle Customer escalations, to identify False-Positive & False-Negative

- Actively investigate the latest in security vulnerabilities, advisories, incidents, and provide

insights (sources like, Microsoft, Oracle, etc)

- Troubleshooting security vulnerability issues/ gaps that arise

- Vulnerability data discovery and validation (Data efficacy & Accuracy)

- Develop, test and modify custom scripts for vulnerability content

- Manually/Automate analyzing new CVE information published

Skills :

- Monitor and analyzing Threat hunting, Deep investing on Cortex XDR Alerts, Detection,

Incidents.

- Troubleshoot and Configure Prevention Policies, Custom IOA Rule Groups, Detections

Management, Exclusions, IOC Management, Firewall Policies, Firewall Rule Groups, USB

- Device Policies, Response Policies, Response Scripts & Files, Containment Policy, Sensor

Update Policies.

- Should be able to check and utilize all Vulnerability feature in spotlight.

PAM Skills :

- Perform daily tasks that include reconciliation of servers, daily health check of the PAM

servers, run daily compliance reports, etc.

- Manage Privileged Session Management and associated policies.

- Create and manage Platforms, Policies and Safes for Privileged IDs.

- Responsible for Privileged User account administration for various platforms including

Windows, UNIX, LDAP, Databases.

- Manage Service Accounts, Non-Production Accounts, Test Accounts within the vaults.

- Develop and maintain documentation for security systems and procedures.

Reporting and metrics :

Management skills :

1. Analyse, investigate, lead and coordinate responses to complex, advanced security events and alerts, perform forensic analysis to understand extent of compromise by using respective tools.

2. Monitor, analyse security threats, vulnerabilities and trends by utilize threat intelligence to enhance detection and response capabilities.

3. Provide guidance, conduct trainings and support to level 1 and 2 SOC analysts

4. Collaborate, Assist with security engineers to deploy, develop, implement and manage security tools and architecture.

5. Work closely with IT and security teams to coordinate efforts

6. Identify opportunities for improving security processes and technology

7. Stay upto date on cybersecurity trendsand threats.

8. documenting security incidents, responses and related information in accordance

with procedures