Tasks include, but are not limited to, monitoring, analyzing and initiating remediation of logs and detections from SIEM, EDR, DLP, email, cloud activity and other cybersecurity threat sources.
Tracking/reporting of security event, report and log statistics.
Performing Statistical Analysis of collected data.
Should perform advanced event correlation.
Preparation of incident reports.
Assist with system upgrades or changes to AV and Security protection technologies.
Assist with writing and updating security procedures and documentation.
Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
Good understanding of the attack kill chain and the MITRE framework, and the ability to apply these concepts.
Review software applications for potential security vulnerabilities by conducting application security reviews, i.e., requirements review, design review, code review and penetration testing (ethical hacking).
Keep abreast with latest security and privacy regulations, advisories and alerts.
Report daily, weekly and monthly as per project requirements.
Review and fine-tune security tool policies and rules.
Suggest ideas to ensure security hardening.
Keep track of recent security incidents, news and virus outbreaks across the globe and assess the organization's security posture.
Supports the Security Operations Center (SOC) on complex initiatives by collaborating in use case development, developing response processes and procedures, and performing continuous process improvements, which may include documentation, mentoring and/or training sessions.
Education and Experience
Minimum 5 years of experience in security operations.
Bachelor's or Master's degree in Computer Science, Engineering or Information Technology.
Skills
Understanding of attack kill chains, email phishing, DLP, SIEM and EDR solutions.
Experience in analyzing and researching SIEM logs, EDR detections, DLP logs, next-generation firewalls and vulnerability assessment solutions.
Windows, Linux, access controls, authentication, authorization, encryption, IPS, SSL, VPN, IPsec, TCP/IP, DNS, web security architecture and proxy services.
Knowledge of SIEM tools (preferably QRadar)
Familiar with Windows exploits, malware, and malicious code trends
Should have the ability to operationally manage any of these products (with appropriate training/familiarization where required).
Working knowledge of Microsoft Office
Working Conditions
Ability to work independently in a varied and demanding environment.
Willing and able to work flexible hours.
Ability to sit and monitor for extended periods of time.
Enthusiastic and goal-driven individual.
Excellent time management and communication skills
The work mode at Finisar India is hybrid, i.e., 3 days in the office.