Technology Consultant
Tamilnadu, India
Inspira
Reimagine Digital Transformation With Inspira Enterprise, Your Trusted Partner for Cyber Security Services, Data Analytics, and AI Solutions. Overall 6-7 years as Team Lead in SOC Operations.
B.E/B.Tech/MCA
Roles and Responsibilities:
Minimum 6+ years of experience in SOC Operations.
Should have experience with the RSA NetWitness SIEM tool in analyst and admin roles.
Should have experience in parsing.
Should have good knowledge of PIM/PAM, AAPT, NAC and WAF.
Should have strong experience in security incident monitoring, handling P1, P2 and P3 incidents, and incident response.
Onboarding or integration of devices/log sources with the LogRhythm tool.
Troubleshooting the SIEM components and coordinating with OEM TAC.
Creating, updating and fine-tuning the use cases.
Should have strong experience in threat hunting, threat intelligence and malware analysis.
Conduct proactive monitoring, investigation and mitigation of security incidents through in-depth log analysis.
Should have experience in incident validation and solution recommendation.
Prepare a root cause analysis document for issues and provide it along with the resolution.
Investigate security incidents and document the root cause and impact of detected computer security incidents.
Participate in cyber drills for various customers periodically.
Preparation of incident reports and periodic reporting of critical incidents to the management team.
Conduct weekly and monthly calls with customers and resolve actionable points.
Handle social media related alerts and ensure prompt action from the vendor.
Improve the detection rate of alerts triggered during cyber drills.
Transfer knowledge to clients and team members and create concise documentation.
Guide the L1 and L2 resources.
Search firewall, email, web or DNS logs to identify and mitigate intrusion attempts.
Resolve the call within the stipulated timeframe as defined under the service level agreements.
Communicate the status of the call to the client and accordingly update the status, resolution or workaround, and date of resolution.
Liaise with the L2 support personnel for the call information and resolution.
Perform version upgrades/migration as per the version release plan of OEM and agreed by the client.
Provide training to the client team on the CSOC solution and new version functionalities.
Provide continuous onsite support for the implementation of the CSOC solution and for integrating any applications to be interfaced with the SIEM solution in future.
Troubleshoot at various levels in the CSOC Solution implementation.
Coordinate with the L1 & L3 team for resolution and provide necessary information as may be required by the team to resolve the issues. Escalate the unresolved calls as per escalation matrix.
Provide the timeframe for resolution of the escalated calls and automatically log calls during escalation.
Prepare a root cause analysis document with the resolutions provided for major issues such as production issues, service disruptions or downtime, delayed response times, data/table corruptions, system performance issues (high utilization levels), etc.
Perform the application audit on a quarterly basis or as mutually agreed with the client and rectify any corruption in the software.
Ensure patch releases are ported to the production environment with no business disruption or business losses.
Support periodic BCP/DR drills.
Route the events through the backup system in case the primary system fails.
Provide the client with daily hardware utilization reports and alert the client in case of any performance issues or hardware upgrade requirements.
Certifications:
CEH
Tags: CEH CSOC DNS Firewalls Incident response Log analysis Malware Monitoring RSA SIEM SOC Threat intelligence
Perks/benefits: Team events