hirist

Job Description

Job statement: rotational shifts, 5 days a week working from the office. Cab facility is available.

Job responsibilities:

- Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate

- Responsible for monitoring and detection through analysis of input from various tools and systems (SIEM, IDS/IPS, firewalls, EDR, etc.)

- Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls

- Provide support for complex system/network exploitation and defense techniques, including deterring, identifying, and investigating system and network intrusions

- Support malware analysis, host and network log analysis, and triage in support of incident response

- Maintain and improve the security technologies deployed, including creating use cases and customizing or tuning tool configuration based on past and current threats

- Monitor the threat/vulnerability landscape and security advisories, and act on them as appropriate

- Continuously monitor the security alert and escalation queues, and triage security alerts

- Monitor and tune the SIEM (content, parsing, maintenance)

- Monitor cloud infrastructure for security-related events

- Deliver scheduled and ad-hoc reports

- Develop and coach L1 analysts

- Author Standard Operating Procedures (SOPs) and training documentation

- Work the full ticket lifecycle; handle every step of the alert, from detection to remediation

- Generate end-of-shift reports for documentation and knowledge transfer to the analysts on the next shift

- Perform threat-intel research, learn new attack patterns, actively participate in security forums.

Job specifications:

1. Qualification:

- Bachelor's degree in Engineering or closely related coursework in technology development disciplines

- Any one certification such as CISSP, CEH, CISM, GCIH, GCIA

Experience with the following or related tools:

- SIEM tools such as Splunk, IBM QRadar, Securonix

- Case management tools such as Swimlane, Phantom, etc.

- EDR tools such as CrowdStrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc.

- Network analysis tools such as Darktrace, FireEye, NetWitness, Panorama, etc.

2. Experience:

- 5+ years of SOC-related work experience

3. Desired skills:

- Full understanding of SOC L1 responsibilities/duties and how they feed into L2/L3; the ability to take the lead on incident research when appropriate and to mentor junior analysts

- Advanced knowledge of TCP/IP protocols and event log analysis

- Strong understanding of Windows, Linux and networking concepts

- Experience analyzing both log and packet data, including the use of Wireshark, tcpdump and other capture/analysis tools

- Good understanding of security solutions including SIEMs, Web Proxies, EDR, Firewalls, VPN, authentication, encryption, IPS/IDS etc.

- Functional understanding of Cloud environments

- Ability to conduct research into IT security issues and products as required

- Experience working in a TAT (turnaround-time) based IT security incident resolution practice, and knowledge of ITIL

- Knowledge of and experience with scripting and programming (Python, Perl, etc.) is also highly preferred

- Malware analysis and reverse engineering are a plus

Personal attributes:

- Self-starter and quick learner requiring minimal ramp-up

- Excellent written, oral, and interpersonal communication skills

- Highly self-motivated, self-directed, and attentive to detail

- Ability to effectively prioritize and execute tasks in a high-pressure environment