Incident Response and Investigation: ▪ Perform in-depth investigations of security incidents, analysing security alerts, and developing incident reports. ▪ Analyse security events from various sources, including SIEM (Security Information and Event Management) tools, intrusion detection systems, firewalls, and antivirus software.
Threat Detection and Analysis: ▪ Identify and classify security threats based on their severity and potential impact on the organization. ▪ Monitor and respond to real-time security alerts, escalating incidents to higher-level analysts or management as necessary.
Security Tool Management: ▪ Manage and fine-tune security monitoring tools to enhance detection capabilities. ▪ Assist in creating and updating playbooks for incident response and threat hunting.
Collaboration and Communication: ▪ Work with cross-functional teams, including IT, development, and compliance, to ensure a cohesive approach to security. ▪ Communicate findings, risks, and recommendations to stakeholders clearly and effectively.
Documentation and Reporting: ▪ Maintain detailed documentation of security incidents, responses, and the overall security posture of the organization. ▪ Contribute to regular security reports and metrics for management reviews.
Continuous Improvement: ▪ Stay updated on the latest cybersecurity trends, threats, and best practices. ▪ Participate in training and professional development opportunities to enhance skill sets and knowledge.
Requirements
Minimum 2 years of experience in Cyber security/SOC
Proficient in Incident Management and Response
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Responsible for working in a 24×7 Security Operation Centre (SOC) environment.
Provide analysis and trending of security log data from a large number of heterogeneous security devices
Analyze and respond to previously undisclosed software and hardware vulnerabilities
Investigate, document, and report on information security issues and emerging trends
Integrate and share information with other analysts and other teams.
Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix.
Have experience operation SIEM Dashboard, Use Case and Policy related with alert / issue/ vulnerability and other security issue.
Have experience create knowledge base/Playbook/Guideline for investigation process and every SOC process activity.
Communicate effectively Customer Existing
Knowledge about various tools like – SIEM, Packet Analysis, HIPS/NIPS, Service Now Ticketing Toolset Web Security, AV, UBEA, Advanced SOC
