SOC Lead

Ahmedabad, Gujarat, India

Adani Group

A leading integrated business conglomerate enriching lives, creating sustainable value and empowering India through #GrowthWithGoodness.


  • Responsible for handling day-to-day operations to monitor, identify, triage and investigate security events from various Endpoint (EDR), Network and Cloud security tools, detect anomalies, and report remediation actions.
  • Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
  • Effectively investigate and identify root causes, then communicate findings to stakeholders including technical staff and leadership.
  • Work with key stakeholders to implement remediation plans in response to incidents.
  • Author Standard Operating Procedures (SOPs) and training documentation when needed.
  • Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
  • Responsible for working in a 24/7 environment including night shifts; shifts are decided based on business requirements.
  • Conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response.
  • Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Sentinel) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data.
  • Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response.
  • Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.

Educational qualifications:

  • Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).
  • Advanced certification desirable (GCIH, GCIA, GCFE, GREM, GCFA, GSEC).

Experience:

  • Minimum 5-10 years in an Incident Responder/Handler role
  • Strong experience in SIEM (Security Incident and Event Monitoring) processes and products (e.g., ArcSight, Microsoft Sentinel)
  • Full understanding of Tier 1 responsibilities/duties and how those duties feed into Tier 2; the ability to take the lead on incident research when appropriate and to mentor junior analysts
  • Advanced knowledge of TCP/IP protocols
  • Knowledge of Windows, Linux operating systems
  • Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or Sentinel experience
  • Knowledge on threat hunting
  • Deep packet and log analysis
  • Some forensic and malware analysis
  • Cyber threat intelligence gathering and analysis
  • Bachelor’s degree or equivalent experience