Senior SOC Engineer

Summary of Position:

The Alcon Security Operations Center (SOC) is responsible for monitoring, detecting, analyzing, and performing incident response to cyber threats against Alcon applications, platforms, networks, and information.  The environment includes local area networks/wide area networks (LAN/WAN), Internet connections, public facing services & websites, wireless, mobile/cellular, cloud-based applications, and services (IaaS, PaaS, SaaS), security devices, servers, end-user workstations and laptops, production manufacturing, and various other 3rd party connections & services.  

Information Systems Security work focuses on preventing IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to an organization's information systems and IT assets and intellectual property including: •Designing, testing, and implementing secure operating systems, networks, and databases •Password auditing, network based and Web application based vulnerability scanning, virus management, and intrusion detection •Conducting risk audits and assessments, providing recommendations for application design •Monitoring and analyzing system access logs •Planning for security backup and system disaster recovery.

Key Responsibilities:

• Administer and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents effectively.  
• Configure and customize SIEM rules, alerts, dashboards, and reports to meet the organization's security requirements and compliance standards.  
• Perform regular health checks, tuning, and optimization of SIEM infrastructure to ensure optimal performance and maximum effectiveness.  
• Monitor SIEM logs and alerts, investigate security incidents, and provide expert-level analysis and response to security events.  
• Collaborate with SOC (Security Operations Center) analysts to triage, prioritize, and escalate security incidents based on severity and impact.  
• Conduct regular SIEM platform upgrades, patches, and version migrations, following best practices and change management processes.  
• Develop and maintain SIEM documentation, including configuration guides, standard operating procedures (SOPs), and knowledge base articles.  
• Provide mentorship and training to junior team members and SOC analysts on SIEM administration best practices and techniques.  
• Coordinate with vendors and internal stakeholders for SIEM platform integrations, upgrades, and troubleshooting as needed.  
• Stay current with emerging SIEM technologies, trends, and threats, and make recommendations for continuous improvement of the SIEM environment.  
• Manage and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents.  
• Implement and manage Data Loss Prevention (DLP) solutions to safeguard sensitive data and prevent unauthorized data exfiltration.  
• Administer Endpoint Detection & Response (EDR) systems to detect, investigate, and remediate security threats on endpoints.  
• Configure and maintain Security Orchestration and Automation (SOAR) platforms to streamline security operations and automate response actions.  
• Monitor and manage Intrusion Detection/Prevention Systems (IDS/IPS) to detect and prevent malicious activities and network intrusions.  
• Provide support for ARMIS platform, focusing on troubleshooting and issue resolution, while collaborating with SOC analysts for effective incident response.  
• Utilize ServiceNow for case management, including ticket creation, tracking, and resolution of security-related incidents and requests.  
• Ensure the security of cloud environments by implementing and managing cloud security solutions and best practices.  
• Offer support for Saviynt platform, assisting with user access management, identity governance, and compliance requirements.  
• Provide assistance for Site Manager and Zscaler platforms, focusing on support activities and issue resolution as needed.  
• Act as a point of escalation for L1 & L2 engineers in support of investigations.  

Key Requirements/Minimum Qualifications:

• Bachelor of Science from accredited institution.  
• Strong knowledge of incident management, problem management and change management best practices.  
• Superior communication skills and ability to brief senior government officials.  
• 7+ years of Information Security / Cybersecurity experience.  

Desired Skills and Certifications  

• Experience networking and telecommunications integration, design, and architecture.  
• Hold at least two relevant industry certifications (GCIH, GCED, CISSP, CEH, GMON etc.)  
• Understanding of SIEM tools such as Splunk, FireEye Helix, ArcSight, Microsoft Sentinel, McAfee Nitro, etc.  
• Experience building and maintaining a high-performance team of analysts.  
• Expertise with industry standard frameworks (ISO, NIST, PCI).  
• Experience maintaining metrics and SLAs.  
• Self starter and should be able handle platforms independently.

Work hours: 1 PM to 10 PM IST

Relocation assistance: Yes

Employment Scams: Alcon is aware of employment scams which make false use of our company name or leader’s names to defraud job seekers. Alcon does not offer any positions without interview and never asks candidates for money. All our current job openings are displayed here on the Careers section of our website, where you can search for open positions and apply directly.

If you have encountered a job posting or been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond, send money or personal information, and check our website for current job openings

ATTENTION: Current Alcon Employee/Contingent Worker

If you are currently an active employee/contingent worker at Alcon, please click the appropriate link below to apply on the Internal Career site.

Find Jobs for Employees

Find Jobs for Contingent Worker

Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.