Project Lead

Job description

Over all 6-7 years of as Team lead in SOC Operations.

B.E/B.Tech/MCA

Roles and Responsibilities:

• Min 6+ years experience in SOC Operations.
• Should have experience in RSA Netwitness SIEM tool as analyst and admin roles.
• Should have experience is parsing.
• Should have Good knowledge in PIM/PAM, AAPT, NAC, WAF, 
• Should have strong experience in security incident monitoring, handling P1, P2 and P3 incidents and incident response.
• Onboarding or integration of devices/log sources with LogRytham tool.
• Troubleshooting the SIEM components and coordinating with OEM Tac.
• Creating, updating and finetuning the usecases.
• Should have strong experience in threat hunting, threat intelligence, Malware analysis.
• Conduct proactive monitoring, investigation, and mitigation of security incidents in-depth log analysis.
• Should have experience in incident validation, solution recommendation.
• Prepare a root cause analysis document for issues and provide along with the resolution
• Investigate security incidents and documentation of root cause and impact of detected computer.
• Participated in Cyber Drill for various customers periodically. 
• Preparation of incident reports and periodic reporting of critical incidents to the management team.
• Conduct weekly and monthly calls with customers and resolve actionable points. 
• Handling social media related alerts and ensuring prompt action from the vendor. 
• Improved detection rate of alerts being triggered during cyber drills. 
• Transferring the knowledge to clients and team members to create and concise documentation.
• Guide the L1 and L2 resources.
• Search firewall, email, web or DNS logs to identify and mitigate intrusion attempts.
• Resolve the call within the stipulated timeframe as defined under the service level agreements
• Communicate the status of the call to client and accordingly update the status, resolution or workaround and date of resolution
• Liaise with the L2 support personnel for the call information and resolution.
• Perform version upgrades/migration as per the version release plan of OEM and agreed by the client.
• Provide training to the client team on CSOC solution and new version functionalities
• Provide continuous onsite support for the implementation of CSOC solution and support for integrating any applications to be interfaced with SIEM solution in future.
• Troubleshoot at various levels in the CSOC Solution implementation.
• Coordinate with the L1 & L3 team for resolution and provide necessary information as may be required by the team to resolve the issues. Escalate the unresolved calls as per escalation matrix.
• Provide the timeframe for providing a solution of resolution of the escalated calls and automatically log calls during escalation.
• Prepare a root cause analysis document with the resolutions provided for major issues such as production issues, service disruptions or downtime, delayed response times, data/ table corruptions, system performance issues (high utilization levels) etc.
• Perform the application audit on a quarterly basis or as mutually agreed with the client and rectify any corruption in the software.
• Ensure patch releases are ported to the production environment with no business disruption or business losses.
• Support periodic BCP/DR drills.
• Routing the events through the backup system in case the primary system fails
• Providing client with daily hardware utilization reports and alerting client in case of any performance issues or hardware upgradation requirements

Certifications:

• CEH