Security Operations Center Analyst

SOC Security Analyst (L2) Location: BangaloreShift : Rotational ShiftMode: HybridJob Description:SOC Security Analyst (L2) will be responsible for responsible for day-to-day security threat monitoring and analysis. You will manage security incidents and review security alerts. You will work on known or suspected security threats.

You will also work on threat intelligence, forensics and incident response adhering to security practices and frameworks. You will be part of 24x7 Security Operations Centre (SOC) team. You will be required to work in shifts.

Job ResponsibilitiesExperience of monitoring threats in a 24x7 Security Operation Center (SOC) Investigates and hunts for advanced threats. Correct root cause analysis as well identify suitable corrective steps. Perform deep packet analysis, collection of IOC (Indicator of Compromise).

Collection of evidence, malware reverse engineering and write custom scripts whenever required. Co-coordinating with OEM for all the firmware upgrades, troubleshooting and other activities

Threat mitigation and reporting are top priority for this position.Rule base Management, SOC Fine tuning and administer SIEM tools

Manage and coordinate with team to accomplish daily operational tasks as per defined standard and Maintaining the SLA's. Identify vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls. Advanced working skills with Microsoft Sentinel, Qradar, LogRhythm, Arcsight and Splunk etc.

Relevant certification is a plus. Good working knowledge with SOAR and EDR tools. Investigate and respond to security incidents.

Document and report on information security issues

Investigate, document, and report on information security issues and emerging trends

Evaluate and implement SIEM use cases.Document and continuously improve playbooks.Monitor for threats, analyze, and escalate as per process.Analyze functional and technical cases and provide a resolution in accordance with agreed metrics. Track health of monitoring infrastructure

Manage and support the log collection, security scanning, intrusion detection, proxy, mail gateway and other security technologies. Review, triage security alerts, provide analysis, suggest remediation, track remediation. Support in resolving security incidents.

Monitor networks and systems for potential threats. Knowledge of network data flows, ports, protocols, and other network and application services/technologies. Respond to incidents by collecting, analyzing and preserving digital evidence to assist with remediation of critical information security incidents.

Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment. Ability to write technical documentation and present technical briefings to diverse audiences. Strong understanding of threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware.

Current knowledge of security threat intelligence and recent attack vectors

Strong forensics analysis skills

Knowledge on ITIL processes

Minimum Qualification & Background:5-8 years of Information Security experience. Minimum 5 years in a large 24x7 Security Operations Centre (SOC) Relevant security certification will be a plus.Basic knowledge about AWS and AzureKnowledge of current security threats, techniques, and landscape. Security events, incident review and triage experience with Endpoint Detection and Response (EDR) tools

Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.Ability to conduct detailed analysis of various security related events like Phishing, Spoofing, Ransomware and SQL Injections etc. Incident Response experience (identifying, investigating, and responding to complex attacks)Experience with threat hunting.