SOC Analyst - L2 Support
Fort (Mumbai) Infra / Networks / Telecom
Job description
Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
As a Security Delivery Specialist-SOC ,you are responsible for managing day to day operations of Security Device Management SIEM.These are Security Specialist are Qradar SME that are responsible for 24x7 event analysis & threat responses. Overall responsible for Incident response, analysis, and recommendation through SIEM and EDR.
· Responsible for threat hunting activity using SIEM, EDR and other hunting tools and technologies.
· Good understanding of Mitre Framework, NIST framework and Cyber Kill Chain Process.
· Mentor and support L1 and L2 team for technical expertise and skills.
· Walkthrough of the daily, weekly, and monthly SOC reports to the customer/stake holders.
· Finetune of existing use case of SIEM to reduce false positive.
· Drive task automations jointly with automation team.
· Participate in periodic customer meetings.
· Create and manage various KEDBs the SOPs, runbooks, asset inventory with
· risk classification, critical application flow diagram, network flow diagram, privileged user list. Ready to work in 24x7 rotational shift model including night shift.
· Mentor and monitor team members for their daily activities.
· Create and manage various KEDBs the SOPs, runbooks, asset inventory with risk classification, critical application flow diagram, network flow diagram, privilege user list.
· Identify the process and technology gaps and drive for closure.
· Explore different technologies available in the security industry.
· Analyse and tune threat monitoring dashboards.
· Closely work with SOC team and be responsible for incident detection, triage, analysis and response.
· Performing TI based and hypothesis driven threat hunting oriented to SIEM logs.
· Support the incident response team during major security incident with advance investigation skills.
Required Technical and Professional Expertise
· Work in a 24x7 Security Operation Centre (SOC) environment
· B.E./ B.Tech/ MCA/ M.Sc. in Computer Science or IT + OEM Certified SIEM specialist + CEH with 3+ years of relevant experience
· 4 + years of IT experience in security with at least 3+ Years in Security Operation centre with SIEMs, EDR, Threat Hunting, Threat Intelligence, and knowledge on various cloud platform.
· Expertise in Security Device Management SIEM, Arcsight, Qradar, Slunk incident response, threat hunting, Use case engineering, device integration with SIEM, Various error notification management in SIEM and EDR.
· Working knowledge of industry standard risk, governance and security standard methodologies
· Proficient in incident response processes - detection, triage, incident analysis, remediation, and reporting
Preferred Technical and Professional Expertise
· Has good presentation skill with PPT preparation and competence with Microsoft Office, e.g. Word, PowerPoint, Excel, Visio, etc.
· Ability to multitask and work independently with minimal direction and maximum accountability.