Manager - Soc Admin & Platform Engineer

Genpact NYSE G is a global professional services and solutions firm delivering outcomes that shape the future Our 125 000 people across 30 countries are driven by our innate curiosity entrepreneurial agility and desire to create lasting value for clients Powered by our purpose the relentless pursuit of a world that works better for people we serve and transform leading enterprises including the Fortune Global 500 with our deep business and industry knowledge digital operations services and expertise in data technology and AI Inviting applications for the role of Manager-SOC Admin Platform EngineerGenpact is seeking invitations for SOC Admin Engineering role to support implementation integration management of SIEM SOAR EDR other technologies within its environment The SOC Admin is an internal corporate role responsible for administration management configuration testing and integration of SIEM SOAR EDR other security platform solutions to improve the security value of the organization A working knowledge of SIEM other security solutions with relevant experience is required Should have deeper understanding with some hands-on experience on other enterprise IT infra components such as advanced firewalls IPS IDS WIPS HIPS routers switches TACACS VPN proxy AV domain controllers DNS DHCP multi factor authentication virtualization Email systems security DLP etc along with cloud environments AWS Azure etc ResponsibilitiesAlign with internal external needs threat trends and operational performance to identify opportunities for improvement enhancement of the security operations center technologies and integrations Perform system administration for SIEM SOAR EDR and ancillary devices Develop implement and execute standard procedures for the administration content management change management version patch management and lifecycle management of the SIEM SOAR platforms Develop information security and incident response workflows procedures and best practices and publish them as playbooks in SOAR platform On-board new log sources with log analysis and parsing to enable SIEM correlation Creates and develops correlation and detection rules within SIEM solution IBM QRadar reports and dashboards to detect emerging threats Manage develop and tune the scripts that integrate SIEM Collaborate with key stakeholders within technology application and cyber-Security to develop specific use cases to address specific business needs Collaborate with platform application owners to define and establish logging standards to address various governance security requirements Create technical documentation around the content deployed to the SIEM Provides technical support for forensics services to include evidence seizure computer forensic analysis and data recovery in support of computer crime investigation Researches and maintains proficiency in open and closed source computer exploitation tools attack techniques procedures and trends Performs research into emerging threat sources and develops threat profiles Keep updated on latest cyber security threats Demonstrates strong evidence of analytical ability Has a broad understanding of all stages of incident response Has a sound understanding of other technologies like PAM CASB EDR Email Security Secure Web gateway etc and other threat detection platforms that form part of the broader SOC program Creation of reports dashboards metrics for SOC administration KPIs and presentation to senior management other stakeholders Handling audit related activities with internal and external stakeholders to ensure compliance of policies adherence of procedures showcase evidence and align the observation reports for process improvisations to achieve operational objectives Be prepared to provide a Technical Escalation Point during security incidents establishing the extent of an attack the business impacts and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a re-occurrence Has a systematic disciplined and analytical approach to problem solving with leadership skills Has basic knowledge of audit requirements PCI HIPPA SOX ISMS etc Qualifications we seek in you Minimum qualifications Experience RequirementsRelevant years working within the information security field with emphasis on security platform implementation administration Bachelors Graduation or higher in Computer Science or equivalent Experience with QRadar preferred and or other platforms SIEM systems like SPLUNK ArcSight Experience with IBM Resilient preferred or equivalent SOAR technology like Demisto Splunk Service Now Technical Experience Skills Required Excellent understanding and proven hands-on experience in SIEM concepts such as correlation aggregation normalization and parsing Experience with deploying and managing a large SIEM deployment Excellent understanding of enterprise logging standards with a focus on application loggingAdvanced knowledge of content creation concepts and best practicesExcellent understanding of regular expressions development of custom flex ParsersStrong knowledge of frameworks such as Cyber Kill Chain and Adversary Tactics Techniques and Procedures Experience in Implementation and support of major SOAR platform preferred IBM Resilient and developing playbooks for automation Expertise in writing QRadar searches QRadar Infrastructure and content use case development well-versed with IBM QRadar architecture and designExperience in QRadar Resilient Administration and analytics development on Information Security Triage events Incident Analysis Hands on exp with information security tools such as SIEMs FW IDS IPS EDR Sandboxes Vulnerability Management etc Excellent Python and Unix Shell scripting skillsUnderstanding of events related fields in log records and alerts reported by various data sources such as Windows Unix systems IDS IPS AV HIDS HIPS WAFs firewalls and web proxies Excellent understanding of Cyber Security Operations Incident Response processes Experience in using scripting languages to automate tasks and manipulate data Programming experience is a plus Experience working in a large enterprise environment and integrating solutions in a multi-vendor environment Preferred qualificationsSecurity Certifications Preferred Including but not limited to the following certifications Security CEH OSCP CISSP CISM GIAC GCIH Preferred product specialization certifications on QRadar SIEM Resilient SOAR Crowdstrike EDR Mimecast Email Security Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race color religion or belief sex age national origin citizenship status marital status military veteran status genetic information sexual orientation gender identity physical or mental disability or any other characteristic protected by applicable laws Genpact is committed to creating a dynamic work environment that values respect and integrity customer focus and innovation Get to know us at and on and Furthermore please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way Examples of such scams include purchasing a starter kit paying to apply or purchasing equipment or training