Posted on: 06/08/2025
Key Responsibilities:
- Lead a team of security analysts through 8-hour rotational shifts in a 24/7 SOC environment.
- Monitor and respond to real-time security incidents using SIEM and other security platforms.
- Perform log analysis and threat detection to identify infiltration attempts and mitigate threats swiftly.
- Develop and manage SIEM (Security Information and Event Management) use cases.
- Conduct vulnerability assessments and work with teams to remediate vulnerabilities.
- Create and maintain Incident Response Playbooks and improve incident management protocols.
- Perform root cause analysis and post-incident reviews to refine detection and response strategies.
- Continuously seek and recommend innovative controls to strengthen cybersecurity posture.
- Respond to technical support requests related to security tools and infrastructure (EDR, VPN, AV, etc.).
- Integrate and manage endpoint devices with Azure Active Directory, Microsoft Intune, and Microsoft Defender.
- Participate in proactive threat hunting activities and investigations.
- Ensure ticket hygiene, produce vulnerability reports, and support continuous process improvements.
- Deliver security support and operations for Halma's global offices and subsidiary networks.
- Collaborate with the global IT team to meet SLAs for service requests and incident resolutions.
Critical Success Factors:
- Contribution to ongoing improvement of IT processes, technologies, and services.
Qualifications:
Certifications:
Preferred:
- Microsoft Security Certifications: SC-200, SC-300, SC-400
Desirable:
- Network-related certifications (e.g., CCNA Security, Network+)
Experience:
Experience in managing or supporting:
- SOC operations
- Incident Response
- Microsoft Sentinel (Azure Sentinel)
- Endpoint Security (EDR/AV)
- Firewalls and VPN technologies
Technical Skills:
Security Tools & Platforms:
- EDR: Microsoft Defender for Endpoint
- Endpoint Management: Microsoft Intune
- Firewalls: Exposure to any vendor (e.g., Fortinet, Palo Alto, etc.)
- VPN: Cato Networks or equivalent
- Antivirus: Defender, McAfee, or similar
Cloud & Identity:
- Microsoft Defender for Cloud
- Microsoft Security Center
Operating Systems:
- Windows Registry, Event Viewer, device encryption (BitLocker/FileVault)
Scripting & Query Languages:
- Basic PowerShell scripting for automation
Infrastructure & Network:
- Exposure to Active Directory
- Familiarity with ticketing tools and service management platforms
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1525623