8-10 years
Hyderabad / Secunderabad, Chennai, Gurgaon / Gurugram
1 vacancy
Senior Security Engineer
Toppan Merrill Technology Services India
posted 10d ago
Flexible timing
Scope of Work
Security Incident Response
Provide Information Security Operations Center (ISOC) support on a 24x7x365 basis by shift work with rotation.
Review information security alerts from various sources, prioritize them based on their classification and impact, and assign them to the respective teams within the Information Security Office.
Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures.
Participate in all phases of the security incident response process, including detection, containment, eradication, and post-incident reporting.
Record detailed Security Incident Response activities in the Case Management System.
Use Security information and event management (SIEM) capabilities to develop alerts to detect anomalies.
Assist in developing and maturing Security incident response.
Maintain technical proficiency in information security concepts and related technologies through on the job training, performing individual research and attending training courses as necessary.
Undertake knowledge sharing and training activities on various monitoring tools and remediation techniques on a periodic basis.
Experience in threat hunting in a diverse log and tool environment.
Develop periodic status reports and monthly metrics for reporting purposes.
Support the R&D lab using virtual machines, monitor open source security research news, and contribute to control testing and strengthening.
Perform detailed analysis of attacks against web infrastructure. This includes identification of malicious code within URLs and collection of malicious plugins and/or exploit payloads. Able to identify exploits and exploit tools involved in attacks. Able to identify packing techniques used to obfuscate URLs. Able to examine return traffic from exploitation activity for signs of successful exploitation.
Information Security Operations Security Tools Management
Help partner with technology operations groups to maintain the information security monitoring infrastructure and tools including but not limited to security event correlation tools, vulnerability scanning tools, internet content surveillance & filtering devices, and so on.
Help develop, execute and maintain security tool fault management processes and procedures for all critical network security tool capabilities.
Investigate opportunities to improve on security tool capabilities based on observed incidents or threats.
Contribute to maintaining SOC tools documentation, coverage map, and security tool lifecycle plans, including working with the IT Security Operations Manager to develop budget projections and cost/benefit analysis.
Work as a liaison with vendors and purchasing departments to establish mutually acceptable contracts and service-level agreements.
Selection Criteria
Minimum 6 years of Information Security experience required, with the majority of time in a SOC.
Understanding of how operating systems work and how malware exploits them.
Understanding of network traffic and the ability to analyze it from an Incident Response perspective.
Knowledge of common hacking tools and techniques.
Familiar with Cloud security and various security tools like AWS GuardDuty, etc.
Project tracking and reporting skills
Experience in understanding and analyzing various log formats from various sources.
Experience in analyzing reports generated by SIM/SEM tools from an incident perspective.
Good communication skills (Verbal and Written)
Proficient experience with the following concepts and related toolsets:
Network sniffers
Process analysis tools
Registry analysis tools
Preferred Skillsets
CEH, Security+
Certification in one or more of the following: CySA+, CyberForensics or Azure Security Analyst
Experience in Incident Response, remediation, Malware analysis, Scripting Languages (e.g. Python, PowerShell), SIEM [Splunk: building use cases, Enterprise Security, writing Splunk queries]
Competencies
Client Understanding and Advising - Looks at issues from the client's perspective and takes action beyond normal expectations to ensure client satisfaction.
Learning Orientation - Stays abreast of new trends and developments in own specialty area, the broader industry, and exposes self to increasingly more challenging projects and opportunities to learn.
Compliance with Standards - Monitors and maintains records on requests for information and assistance.
Knowledge of Emerging Technology - Tests new technology to evaluate capability compared to specifications.
Employment Type: Full Time, Permanent