SOC L3 - Cyber Security

Job Description for SOC L3/Technical Lead

Required Skills and Knowledge

• Skilled in using incident handling methodologies.
• Skilled in collecting data from a variety of cyber defence resources.
• Skilled in recognizing and categorizing types of vulnerabilities and associated attacks.
• Experience detecting host and network-based intrusions using intrusion detection technologies.
• Experience to interpret the information collected by network tools (e.g., nslookup, Ping, and Traceroute).
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, MITRE etc.
• Experience in threat management and threat intelligence
• Knowledge of applications, databases, middleware, Authentication, authorization, and access control methods.
• Key concepts in security management (e.g., Release Management, Patch Management),
• Operating system command-line tools like PowerShell, Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump), Network tools (e.g., ping, traceroute, nslookup), Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools, Windows/Unix ports and services.
• Working knowledge and experience with MS office with proficiency in Excel

Roles and Responsibilities:

• Lead and manage Security Operations Centre in an MSSP environment
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges
• Responsible for team resources, overall use of resources and initiation of corrective action where required for Security Operations Center
• Creation of weekly, monthly, quarterly reports, dashboards, metrics for SOC operations and presentation to client and Sr. Mgmt.
• Interface both internal & external audits of the Security Operations Center (SOC)
• Ensure incidents and investigations are thoroughly documented for the purposes of facilitating record keeping, process improvement, lessons learned, trend analysis, and senior leadership reporting
• Conduct regular review with customer stakeholders, build and maintain positive working relationships with them
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Isolate and remove malware.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Receive and analyse network alerts from various sources and determine possible causes of such alerts.
• Notify designated managers, cyber incident responders and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan.
• Analyse and report system security posture trends.
• Assess adequate access controls based on principles of least privilege and need-to-know. Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Creating SIEM correlation rules, custom reports, integrating threat intelligence feeds
• Administer, manage, configure, maintain, and support Security devices like Firewall, IDS/IPS, Proxies, Mail Gateways etc.
• Onboarding new customers in Build and Run and Build and Handover model
  

Candidate profile
Experience/ Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field.
• Good oral and written communication skills to collaborate with the team.
• Minimum 8+ years of Security engineering or Security Operations
• Understanding of how operating systems work and how exploitation works for different Operation Systems and applications.
• Understanding of network traffic and be able to analyse network traffic introduced by the malware.
• Thorough understanding of Windows and Linux Internals
• Knowledge of common hacking tools and techniques
• Experience in understanding and analysing various log formats from various sources.
• Experience in analysing reports generated of SOAR/SEM tools e.g. ArcSight, Elastic SIEM etc.

Security Certifications desirable

• Certified Incident Handler (GCIH)
• Certified SOC Analyst
• Certified Ethical hacker (CEH)
• CISSP/CISM