
JobNob

Your Career. Our Passion.

SOC Engineer - L1


e-Hireo


Location

Bangalore | India


Job description

• 3 to 5 years' experience in cyber security; previous SOC experience beneficial.

• Ready to work in a 24x7 rotational-shift SOC monitoring operation.

• Must have in-depth knowledge of phishing alerts, email header analysis and endpoint alert analysis; O365 Defender and email gateway experience is a plus.

• Understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks, and of the incident response life cycle.

• Proficient with SIEM technologies (Security Information and Event Management, e.g. ELK, Splunk, Microsoft Sentinel or another SIEM tool).

• Participate in the development of strategic goals for SOC operations.

• Work with engineering teams to optimise alert data, Splunk searches and KQL data ingest and search.

• Conduct research and make recommendations on data products, services and standards based on alerts.

• Participate in problem resolution, change, release and event/incident management in ticketing tools such as ServiceNow and in the SIEM tool.

• Experience using Splunk/Microsoft Sentinel for search patterns and building Sentinel workbooks for a customer.

• Understanding of log/event correlation and building search queries in Splunk/Sentinel.

• Monitor dashboards based on anomaly levels; analyse and recommend remediation actions to customers.

• Experienced in creating alert playbooks.

• Able to script automated solutions for platform monitoring in Python or similar.

• Gather business requirements by coordinating and communicating with the business team.

• Prepare documents for mapping design and SOC operation support.

• Responsible for implementing search queries in Splunk/Microsoft Sentinel in support of investigation and analysis.

• Experience supporting incident detection and response systems.

• Hands-on experience with Splunk or Microsoft Sentinel (KQL) or any other SIEM tool.

• SPOC for all SOC incident-related requests and issues.

• Ready to go through all modifications, deployments and learning.

• Strong verbal and writing skills; able to write clear and concise text in good English with correct grammar.

• Excellent analytical abilities and a strong ability to think critically when looking at risk.

• Self-driven; takes the initiative to get things done without waiting to be told.

Good to have:
- Security certification (one of GCTI, CHFI, CEH, GCIH, Security+ etc.); passing these exams requires critical thinking and/or prior security experience.
- Strong security alert analysis skills.
- Sound understanding of network infrastructure and communication protocols, threats and vulnerabilities.
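A worked illustration of the phishing-alert and email-header-analysis skill listed above. This is an added example, not code from the posting or the hiring company: it parses a constructed phishing sample, reads the gateway's Authentication-Results header, checks SPF/DKIM/DMARC alignment against the From: domain, flags Reply-To and Return-Path mismatches, and walks the Received: chain from the organisation's own MX outward to the first external relay. The authserv-id mx.corp.example, the 10.0.0.0/8 internal range and every host and address in the sample are assumptions made for the example.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample for this example: a lookalike "bank" message relayed
# through a bulk sender. Hosts and addresses use reserved example/test names.
SAMPLE_RAW = """\
Received: from mx.corp.example (mx.corp.example [10.1.2.3])
 by mail.corp.example with ESMTPS id abc123; Mon, 1 Jan 2024 09:00:00 +0000
Received: from relay.bulk-sender.test (relay.bulk-sender.test [198.51.100.7])
 by mx.corp.example with ESMTP id def456; Mon, 1 Jan 2024 08:59:58 +0000
Authentication-Results: mx.corp.example;
 spf=pass smtp.mailfrom=bulk-sender.test;
 dkim=pass header.d=bulk-sender.test;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: attacker@mailbox.test
To: victim@corp.example
Subject: Urgent: verify your account
Return-Path: <bounce@bulk-sender.test>

Click here.
"""

# Assumed for this example: the authserv-id of the organisation's own
# gateway and its internal address space. A real SOC takes both from config.
TRUSTED_AUTHSERV = "mx.corp.example"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def load(raw):
    """Parse raw RFC 5322 text into a message object."""
    return message_from_string(raw, policy=policy.default)

def _unfold(value):
    """Collapse folded header whitespace into single spaces."""
    return re.sub(r"\s+", " ", str(value)).strip()

def _domain(header):
    """Domain of the first address in a header, lower-cased ('' if absent)."""
    return parseaddr(_unfold(header or ""))[1].rpartition("@")[2].lower()

def parse_auth_results(msg):
    """Extract the authserv-id, the SPF/DKIM/DMARC verdicts and their identifiers."""
    ar = _unfold(msg.get("Authentication-Results", ""))
    out = {"authserv": ar.split(";", 1)[0].strip().lower()}
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar):
        out[method] = verdict.lower()
    m = re.search(r"header\.d=([^\s;]+)", ar)
    out["dkim_d"] = m.group(1).lower() if m else None
    m = re.search(r"smtp\.mailfrom=([^\s;]+)", ar)
    out["spf_from"] = m.group(1).rpartition("@")[2].lower() if m else None
    return out

def received_hops(msg):
    """(host, ip) for each Received: line, newest first (header order)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.search(r"\bfrom\s+(\S+)\s+\(([^)]*)\)", _unfold(value))
        if not m:
            continue
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", m.group(2))
        hops.append((m.group(1).lower(), ip.group(1) if ip else None))
    return hops

def first_external_hop(hops):
    """Walk outward from our own MX; the first non-internal 'from' IP is the
    sending relay. Received: lines older than that one are sender-controlled."""
    for host, ip in hops:
        if ip and not any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS):
            return host, ip
    return None

def triage(raw):
    """Return the From: domain, the handoff relay and a list of findings."""
    msg = load(raw)
    ar = parse_auth_results(msg)
    from_d = _domain(msg.get("From"))
    findings = []
    if ar["authserv"] != TRUSTED_AUTHSERV:
        # A sender can inject its own Authentication-Results; only ours counts.
        findings.append(f"Authentication-Results not from {TRUSTED_AUTHSERV}; ignored")
    else:
        if ar.get("dmarc") != "pass":
            findings.append(f"dmarc={ar.get('dmarc')} for From domain {from_d}")
        # Strict alignment; relaxed DMARC alignment also accepts a matching
        # organisational domain.
        if ar.get("dkim") == "pass" and ar["dkim_d"] != from_d:
            findings.append(f"DKIM d={ar['dkim_d']} not aligned with From {from_d}")
        if ar.get("spf") == "pass" and ar["spf_from"] != from_d:
            findings.append(f"SPF mailfrom={ar['spf_from']} not aligned with From {from_d}")
    for hdr in ("Reply-To", "Return-Path"):
        d = _domain(msg.get(hdr))
        if d and d != from_d:
            findings.append(f"{hdr} domain {d} differs from From domain {from_d}")
    hop = first_external_hop(received_hops(msg))
    return {"from_domain": from_d, "external_hop": hop, "findings": findings}
```

Two caveats an analyst applies when reading these headers: only an Authentication-Results line whose authserv-id is your own gateway is trustworthy, because a sender can add a forged one, and every Received: line below the first external hop was written by systems the sender controls, so the handoff relay's IP is the only origin fact the chain really gives you.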

 

Coverage for SOC monitoring operations (24x7 rotational shift support) and security incident management. Analyse and investigate incidents from SIEM tools to derive information in support of system- and network-level alert mitigation; contribute to alert tuning, SOC maturity and incident remediation.

 

This role is responsible for analysing findings, recommending remediation and following up until closure, and for collecting and analysing all potential evidence from the SIEM within SOC scope. Support other SOC stakeholders with evidence and artifacts whenever needed.

- Monitor security applications and investigate subsequent alerts/alarms
- Work with the other security/IT teams to investigate, contain and remediate cyber security incidents
- Develop new cyber alerts for deployment to the security tooling to increase detection coverage
- Contribute to the security monitoring and response strategy
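As an added example of the kind of detection logic the alert-development point above refers to (this is illustrative code, not the employer's own rules or content): a brute-force correlation run over constructed sshd-style log lines. It keeps a sliding window of failed logons per source IP and account, raises an attempt alert when the window reaches the threshold, escalates to a success alert when an accepted logon follows the failures inside the window, and lets stale failures age out so that slow, spread-out attempts do not accumulate. The threshold, window, host names and IP addresses are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines for this example (reserved example IP ranges).
SAMPLE_LOG = """\
2024-01-01T09:00:01Z sshd[4412]: Failed password for alice from 203.0.113.9 port 5001 ssh2
2024-01-01T09:00:03Z sshd[4412]: Failed password for alice from 203.0.113.9 port 5002 ssh2
2024-01-01T09:00:05Z sshd[4412]: Failed password for alice from 203.0.113.9 port 5003 ssh2
2024-01-01T09:00:07Z sshd[4412]: Failed password for alice from 203.0.113.9 port 5004 ssh2
2024-01-01T09:00:09Z sshd[4412]: Failed password for alice from 203.0.113.9 port 5005 ssh2
2024-01-01T09:00:12Z sshd[4412]: Accepted password for alice from 203.0.113.9 port 5006 ssh2
2024-01-01T09:10:00Z sshd[4412]: Failed password for bob from 192.0.2.5 port 6001 ssh2
2024-01-01T09:30:00Z sshd[4412]: Accepted password for bob from 192.0.2.5 port 6002 ssh2
2024-01-01T10:00:00Z sshd[4412]: Failed password for invalid user carol from 198.51.100.20 port 7001 ssh2
2024-01-01T10:00:02Z sshd[4412]: Failed password for invalid user carol from 198.51.100.20 port 7002 ssh2
2024-01-01T10:00:04Z sshd[4412]: Failed password for invalid user carol from 198.51.100.20 port 7003 ssh2
2024-01-01T10:00:06Z sshd[4412]: Failed password for invalid user carol from 198.51.100.20 port 7004 ssh2
2024-01-01T10:00:08Z sshd[4412]: Failed password for invalid user carol from 198.51.100.20 port 7005 ssh2
2024-01-01T11:00:00Z sshd[4412]: Failed password for dave from 198.51.100.21 port 8001 ssh2
2024-01-01T11:00:01Z sshd[4412]: Failed password for dave from 198.51.100.21 port 8002 ssh2
2024-01-01T11:00:02Z sshd[4412]: Failed password for dave from 198.51.100.21 port 8003 ssh2
2024-01-01T11:10:00Z sshd[4412]: Failed password for dave from 198.51.100.21 port 8004 ssh2
2024-01-01T11:10:01Z sshd[4412]: Failed password for dave from 198.51.100.21 port 8005 ssh2
2024-01-01T11:10:02Z sshd[4412]: Failed password for dave from 198.51.100.21 port 8006 ssh2
2024-01-01T11:10:05Z sshd[4412]: Accepted password for dave from 198.51.100.21 port 8007 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_line(line):
    """Turn one sshd log line into an event dict, or None if it is not a logon."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "success": m["result"] == "Accepted",
        "user": m["user"],
        "ip": m["ip"],
    }

def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window brute-force correlation keyed on (source IP, account).

    Emits 'brute_force_attempt' when `threshold` failures land inside `window`
    and 'brute_force_success' when an accepted logon follows that many failures.
    """
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    failures = defaultdict(deque)  # (ip, user) -> timestamps of recent failures
    alerts = []
    for ev in events:
        q = failures[(ev["ip"], ev["user"])]
        while q and ev["ts"] - q[0] > window:  # age out failures outside the window
            q.popleft()
        if ev["success"]:
            if len(q) >= threshold:
                alerts.append({"rule": "brute_force_success", "ip": ev["ip"],
                               "user": ev["user"], "failures": len(q), "ts": ev["ts"]})
            q.clear()
        else:
            q.append(ev["ts"])
            if len(q) == threshold:  # fire once per burst, not on every extra failure
                alerts.append({"rule": "brute_force_attempt", "ip": ev["ip"],
                               "user": ev["user"], "failures": len(q), "ts": ev["ts"]})
    return alerts
```

On the sample, alice triggers both rules, carol triggers only the attempt rule, bob never reaches the threshold, and dave's six failures never fit into one five-minute window, so his later success is not escalated. The same shape is what a scheduled SPL or KQL search with a per-source count over a time bin expresses; writing it out makes the window and the fail-then-success escalation explicit, which is what you tune when the alert is too noisy.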

- Work with our managed security services provider (MSSP)
- Act on intelligence feeds and perform threat hunting, being prepared to change that assessment in the presence of new evidence
- Assist the incident response team with technical analysis and provide timely updates during an investigation
- Ensure all security events are investigated and documented to completion
- Analyse use cases and playbooks and offer improvements

- Stay up to date on the changing threat landscape
- Use investigation findings to recommend security posture improvements (identify gaps)
- Experience with collecting, analysing, and interpreting qualitative and quantitative data from multiple sources
- Discover and gather threat data from multiple sources using internal and external methodologies

- Develop a methodology for threat data mining to uncover threat actors and threat vectors
- Ability to write high-quality intelligence assessments and briefings for a senior-level audience
- Ability to develop specific expertise, to discern patterns of complex threat actor behaviour, and to communicate an understanding of current and developing cyber threats
- Ability to leverage well-honed online research expertise to identify and navigate relevant online forums, including web sites, social media, and traditional sources, to support research and analysis
- Maintain, develop, and continuously evaluate cyber threat intelligence, brand protection and threat intelligence/data sources
- Maintain an understanding of the overall threat landscape (cyber, malware, botnets, phishing, DDoS, physical)
- Collect, analyse, investigate, store, and disseminate indicators of compromise (IOCs) and threat intelligence
- Regularly develop and produce written cyber brand and threat intelligence reports
- Provide support to the Security Incident Response Team and SOC in the effective detection, analysis, and containment of attacks, as well as researching potential IOCs and linking them to intelligence
- Draft, edit, and disseminate threat intelligence information/briefs to stakeholders, executive leadership, and others
- Monitor security procedures and practices; recommend optimisations and improvements when gaps are identified
- Stay up to date on ever-growing attack mechanisms and exploits
- Monitor deep/dark web forums (manually and with the help of available technology) to find content infringement, data leaks and malware signatures

