[3 Days Left] Security Operations Center

Job Description Responsibilities: - Cyber Security Event Review & Leadership: Review cyber security events analyzed by Level 2 security analysts and act as the team lead, serving as the escalation point for detection, response, and remediation activities. - Monitoring & Guidance: Monitor and guide the team in triaging cyber security events, prioritizing them, and recommending/performing appropriate response measures. - Technical Support: Provide expert technical support for various IT teams in response and remediation activities for escalated cyber security events/incidents from L2 analysts and stakeholders. - Incident Follow-up & Closure: Ensure all cyber security incident tickets are followed up diligently until full closure. - Analyst Guidance & Mentorship: Provide clear guidance and mentorship to L1 and L2 analysts in analyzing events and executing response activities. - Incident Response Expediting: Intervene and expedite Cyber incident response and remediation-related activities in case of any delays, coordinating effectively with various teams, including L1 and L2 team members. - Policy & Best Practice Review: Review and provide valuable suggestions during the preparation of information security policies and best practices for client environments. - SLA & Communication: Ensure that all Service Level Agreements (SLAs) and contractual requirements are met in a timely manner, maintaining effective communication with all stakeholders. - Reporting & Dashboards: Review Daily, Weekly, and Monthly dashboard reports and share them with relevant stakeholders, providing clear insights into security posture. - Documentation & Playbooks: Review all security-related documents, update playbooks, and maintain other standard operational procedures to ensure accuracy and relevance. - System Documentation Validation: Validate client systems and IT infrastructure documentation, ensuring all records are current and accurate. - Knowledge Sharing & Threat Intelligence: Share knowledge with team members on current security threats, trends in attack patterns, and new security tools. - Use Case Development & Validation: Review and create new use cases based on emerging attack trends. Validate these use cases through selective testing and logic examination. - Threat Detection Rule Development: Develop and maintain threat detection rules, parsers, and use cases to enhance the SIEM's detection capabilities. - Security Analytics Understanding: Possess a strong ability to understand security analytics and data flows across various SaaS applications and cloud computing tools. - SIEM Solution Deployment: Be capable of deploying SIEM solutions in customer environments. Required Skills: - Core SOC Monitoring experience. - Proficiency with SOC tools such as FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella. - Strong experience in analyzing malicious traffic and building detections. - Experience in applications security, network security, and systems security. - Knowledge of MITRE or similar frameworks and adversary procedures. - Expertise with SIEM Solutions (Securonix / Splunk / Sumologic / LogRhythm / ArcSight / Qradar). - Strong communication skills, both written and oral, capable of effectively communicating with internal teams and external stakeholders. - Experience working on SMB & large enterprise clients. - Good understanding of ITIL processes, including Change Management, Incident Management, and Problem Management. - Strong expertise on multiple SIEM tools & other devices found in a SOC environment. - Good knowledge in firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. - Good understanding of raw Log formats of various security devices like Proxy, Firewall, IDS/IPS, DNS. - Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). - Knowledge of regex and parser creation. - Ability to mentor and encourage junior teammates. - Strong work ethic with good time management skills. - Coachability and dedication to consistent improvement. Good to Have: - Master's degree. - Relevant certifications like CEH, CISA, CISM. - Be a key person for developing Thought Leadership within the SOC.