Tata Communications
2-4 years
₹ 9.45 - 15.5L/yr (AmbitionBox estimate)
Bangalore / Bengaluru
2 vacancies
Sr Engineer- Cyber & SIEM
posted 19d ago
Flexible timing
Key skills for the job
Must have- Cyber Security, SIEM & Endpoint
Key Responsibilities:
1. SOC Management and Supervision:
Oversee the day-to-day operations of the SOC, ensuring effective monitoring, detection, and response to security incidents.
Manage and mentor a team of security analysts, providing guidance, training, and performance evaluations.
Develop and implement SOC policies, procedures, and workflows to enhance operational efficiency.
Possess in-depth technical knowledge of various security controls, including the ability to craft Security Information and Event Management (SIEM) queries, understand Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Endpoint Detection and Response (EDR)/Endpoint Protection Platform (EPP), Web Application Firewall (WAF), Firewalls (FW), and conduct Network Traffic Analysis.
Investigate alerts to reduce false positives, thereby minimizing unnecessary workload for L1 analysts, and provide well-analyzed whitelist suggestions.
2. Incident Response:
Coordinate and lead the response to security incidents, ensuring proper documentation, communication, and remediation.
Conduct post-incident analysis to identify root causes and recommend preventive measures.
Ensure compliance with incident response protocols and regulatory requirements.
Maintain Security Operations Center (SOC) metrics, including Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and Mean Time to Contain (MTTC), to measure and improve incident response times.
3. Threat Management:
Monitor threat intelligence feeds and ensure timely dissemination of relevant information to the SOC team.
Oversee threat hunting activities to proactively identify and mitigate potential security threats.
Collaborate with external partners and stakeholders to enhance threat detection capabilities.
Support the L1 team by performing detailed technical analyses to identify anomalies and escalate significant findings to management for further action.
4. Security Monitoring and Reporting:
Ensure timely follow-ups and closure of incidents pending for more than seven days to maintain operational efficiency.
Ensure continuous monitoring of security alerts and events through SIEM (Security Information and Event Management) and other monitoring tools.
Develop and maintain security metrics and dashboards to provide visibility into SOC performance and security posture.
Prepare and present regular reports on security incidents, trends, and SOC activities to senior management.
5. Compliance and Audit:
Ensure SOC operations comply with relevant regulatory requirements and industry standards (e.g., GDPR, ISO 27001).
Assist in supporting various internal and external audits, including SOC 2, Department of Telecommunications (DoT), and International Organization for Standardization (ISO) compliance checks, to ensure the organization meets regulatory standards.
Maintain up-to-date documentation of SOC processes and procedures.
6. Continuous Improvement:
Develop and update playbooks for L1 analysts to streamline the Incident Response Plan (IRP) process for expedited investigation and resolution of incidents.
Identify opportunities for improving SOC operations, including technology upgrades, process enhancements, and staff development.
Lead initiatives to implement best practices and innovative solutions in security operations.
Stay current with emerging security trends, threats, and technologies to ensure the SOC remains effective.
Qualifications and Skills:
Education and Experience:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Minimum of 4 years of experience in cybersecurity, with at least 2 years in a SOC environment.
Experience in a leadership or supervisory role within a SOC is preferred.
Technical Skills:
Proficiency in security monitoring tools and technologies, such as SIEM, IDS/IPS, EDR, and threat intelligence platforms.
Strong understanding of network protocols, firewalls, VPNs, and other security technologies.
Knowledge of common attack vectors, threat actors, and incident response methodologies.
Certifications:
Relevant industry certifications such as CISSP, CISM, CEH, or GIAC are highly desirable.
Soft Skills:
Excellent leadership and team management skills.
Strong analytical and problem-solving abilities.
Effective communication skills, both written and verbal.
Ability to work under pressure and manage multiple priorities.
Working Conditions:
This role typically operates in an office environment with 24x7 working hours.
May require availability for on-call support and response to security incidents outside regular business hours.
Some travel may be required for training, conferences, or collaboration with other offices.
Employment Type: Full Time, Permanent