Job Objective:

• Handle security monitoring and incident response, while coordinating with various stakeholders to detect and respond to complex cyber-attacks, risk based scenarios and threats
• Provide in-depth incident analysis, evaluate security incidents and capability to prioritize based on relevancy and urgency
• Create Risk related documentation, record risks and carry out risk analysis of open risks, provide recommended actions to stakeholders while focusing on security with minimal impact on operations
• Handle Phishing Incidents and work with IT Security Architects to create attack simulation scenarios based on real world threats seen in the organization
• Proven Experience in SIEM, EDR and SOAR technology, manage and configure security monitoring tools – commercial and open source
• Experience in defensive areas such as NGAV, NGFW (IPS/ IDS), Web Application Firewalls, URL filtering
• Design, implement new SIEM use cases based on onboarded log sources, regularly recognize and develop new use cases for automation and optimization of security monitoring solutions
• Strong Threat Hunting approach and knowledge in MITRE ATT&CK Methodology, create threat hunting scenarios and use cases through research and threat intelligence analysis
• Directly communicate and coordinate effectively with corporate users, teammates, system owners and management to ensure timely response and resolution of incidents
• Work with IT Security Architects to identify gaps and weaknesses across the organization, experience in vulnerability assessment and fundamentals of penetration testing
• Provide inputs on fine tuning security solutions, constantly review product documentation to ensure the solutions are updated and utilized to the best of their capabilities
• Willing to work in shifts while ensuring well-articulated documentation and comprehensive handover procedures are carried out
• Optimize Incident Response procedures based on evolving threats and create playbooks for First Responders and NOC
• Create Dashboards for Technical Team and Executive Dashboards for management and present monthly SOC Metrics and KPIs
• Integrate solutions with Threat Intelligence feeds such as MISP, STIX and TAXII, APIs etc., connect relevant and up to date threat feeds
• Optimizing and adhering to SOC processes and policies, escalation matrix and SLAs
• Security in Cloud Platforms and implementing security monitoring in the cloud environment
• Ability to create and optimize security signatures, whitelist false positives based on granular requirements and follow a Zero Trust approach
• Microsoft Security Center, Defender ATP, O365 Security, Azure Sentinel experience and knowledge in KQL (Kusto Query Language) will be a plus
• Knowledge or experience specific to Palo Alto, Fortinet devices will be an added advantage

Job Details

Preferapply-d Candidate

Apply Now