SOC Lead
Maharashtra, Mumbai, India
SHI | Locuz
Roles and Responsibilities:
- Should have working experinece in Global SOC
- Must have experience in any SIEM Management tool Splunk, QRADAR, HP Arc sight,
- Triage Specialist - Separating the wheat from the chaff.
- Vulnerability Management tools like Tenable, Rapid 7, Qualys, Nmap, Brupsuite etc..
- Experience in conductinig VA/PT of Infrastructure and Web Application assessments
- Behavioral anomaly detection to identify emerging threats
- Investigations & Forensics - Investigate suspicious activity, contain and mitigate them
- Cyber Kill Chain & MITRE ATTACK Matrix mapping & proactive hunting.
- Threat Hunting, attack identification, investigation, correlation and suggesting mitigation measures
- Deep investigations/CSIRT, Mitigation/recommends changes, More advanced SME in cybersecurity, Experienced security analyst, understands more advanced features of security tools, thorough understanding of networking and platform architecture (routers, switches, firewalls, security), Ability to dig through and understand various logs (Network, firewall, proxy, app, etc..)
- Good to have either of certifications like, ITIL, CCNA, CEH, etc.
- Process and Procedure adherence.
- Tier 2 Security Analyst—addresses real security incidents.
- Evaluates incidents identified by tier 1 analysts.
- Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone)
- Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack.
- Analyzes running processes and configs on affected systems.
- Carries out in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted. Creates and implements a strategy for containment and recovery.
- Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.
- Should have experience in Developing new correlation rules & Parser writing
- Experience in Log source integration
- Act as the lead coordinator to individual information security incidents.
- Document incidents from initial detection through final resolution.
- Participate in security incident management and vulnerability management processes.
- Coordinate with IT teams on escalations, tracking, performance issues, and outages.
- Communicate effectively with customers, teammates, and management.
- Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation.
- Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies.
- Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures.
- Follow ITIL practices regarding incident, problem and change management.
- Staying up to date with emerging security threats including applicable regulatory security requirements.
- Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate
- Publish weekly reports to applicable teams.
- Generate monthly reports on SOC activity.
- Should be skilled on Deception Technology, EPP, EDR, IPS/IDS desirable.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Category:
Leadership Jobs
Tags: CEH CSIRT Cyber Kill Chain EDR Firewalls Forensics IDS IPS ITIL Monitoring Nmap QRadar Qualys SIEM SOC Splunk Strategy Threat intelligence Vulnerability management
Region:
Asia/Pacific
Country:
India
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Security Analyst jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Specialist jobsInformation Security Manager jobsSenior Cybersecurity Engineer jobsSenior Network Security Engineer jobsSecurity Consultant jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Penetration Tester jobsSenior Information Security Analyst jobsSecurity Specialist jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsSystems Engineer jobsSystems Administrator jobsSenior Product Security Engineer jobsPrincipal Security Engineer jobsInformation System Security Officer (ISSO) jobsStaff Security Engineer jobsCloud Security Architect jobsIT Security Analyst jobsSecurity Operations Analyst jobsInformation Systems Security Engineer jobs
Encryption jobsPowerShell jobsDevSecOps jobsKubernetes jobsSaaS jobsIDS jobsEDR jobsSplunk jobsSDLC jobsIPS jobsRMF jobsSQL jobsTop Secret jobsBash jobsIntrusion detection jobsThreat detection jobsCompTIA jobsITIL jobsFinance jobsActive Directory jobsDoDD 8570 jobsOWASP jobsCRISC jobsBanking jobsDocker jobs
UNIX jobsTCP/IP jobsVPN jobsSANS jobsClearance Required jobsHIPAA jobsGIAC jobsIT infrastructure jobsTerraform jobsSOC 2 jobsSOX jobsOSCP jobsCISO jobsData Analytics jobsJavaScript jobsIndustrial jobsCCSP jobsDNS jobsSOAR jobsGCIH jobsMITRE ATT&CK jobsAnsible jobsPolygraph jobsJira jobsSecurity strategy jobs