ewandzdigital Inc. - L3 Security Operations Center Engineer

EWANDZDIGITAL SERVICES PVT LTD
Noida
8 - 10 Years

Posted on: 17/07/2025

Job Description

SOC L3

Location: Noida.

Required Skills and Knowledge:

- Skilled in using incident handling methodologies.

- Skilled in collecting data from a variety of cyber defence resources.

- Skilled in recognizing and categorizing types of vulnerabilities and associated attacks.

- Experience detecting host and network-based intrusions using intrusion detection technologies.

- Experience interpreting the information collected by network tools (e.g., nslookup, ping, and traceroute).

- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, MITRE ATT&CK, etc.

- Experience in threat management and threat intelligence.

- Knowledge of applications, databases, middleware, and authentication, authorization, and access control methods.

- Key concepts in security management (e.g., Release Management, Patch Management).

- Operating system command-line tools such as PowerShell.

- Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

- Network tools (e.g., ping, traceroute, nslookup).

- Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

- Windows/Unix ports and services.

- Working knowledge and experience with MS Office, with proficiency in Excel.

Roles and Responsibilities:

- Lead and manage Security Operations Centre in an MSSP environment.

- Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.

- Ensure compliance with SLAs, process adherence, and process improvement to achieve operational objectives.

- Revise and develop processes to strengthen the current Security Operations Framework, review policies, and highlight the challenges.

- Responsible for team resources, overall use of resources, and initiation of corrective action where required for the Security Operations Center.

- Create weekly, monthly, and quarterly reports, dashboards, and metrics for SOC operations and present them to the client and senior management.

- Interface with both internal and external audits of the Security Operations Center (SOC).

- Ensure incidents and investigations are thoroughly documented for the purposes of facilitating record keeping, process improvement, lessons learned, trend analysis, and senior leadership reporting.

- Conduct regular reviews with customer stakeholders, and build and maintain positive working relationships with them.

- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.

- Isolate and remove malware.

- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).

- Provide daily summary reports of network events and activity relevant to cyber defense practices.

- Receive and analyse network alerts from various sources and determine possible causes of such alerts.

- Notify designated managers and cyber incident responders, and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan.

- Analyse and report system security posture trends.

- Assess the adequacy of access controls based on the principles of least privilege and need-to-know.

- Work with stakeholders to resolve computer security incidents and vulnerability compliance.

- Create SIEM correlation rules and custom reports, and integrate threat intelligence feeds.

- Administer, manage, configure, maintain, and support security devices such as firewalls, IDS/IPS, proxies, mail gateways, etc.

- Onboard new customers in the Build and Run and Build and Handover models.

Candidate profile:

Experience/Qualifications:

- Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field.

- Good oral and written communication skills to collaborate with the team.

- Minimum 8+ years in security engineering or security operations.

- Understanding of how operating systems work and how exploitation works for different operating systems and applications.

- Understanding of network traffic and ability to analyse network traffic introduced by malware.

- Thorough understanding of Windows and Linux Internals.

- Knowledge of common hacking tools and techniques.

- Experience in understanding and analysing various log formats from various sources.

- Experience in analysing reports generated by SOAR/SIEM tools, e.g., ArcSight, Elastic SIEM, etc.

- Security certifications desirable:

- Certified Incident Handler (GCIH).

- Certified SOC Analyst.

- Certified Ethical hacker (CEH).

- CISSP/CISM.
