- Role and responsibilities:
- Participate in a rotating SOC on-call; rotation is based on the number of team members.
- Provide first-line SOC support with timely triage, routing and analysis of SOC tasks.
- Researches, develops, and monitors custom visualizations.
- Researches, analyzes, and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives.
- Tunes and develops SIEM correlation logic for threat detection.
- Ensures documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style.
- Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
- Produce and review aggregated performance metrics.
- Perform cyber threat assessment and remediation analysis.
- Processing, organizing, and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data.
- Assist in coordination with internal teams and in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threats, Rules of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts that support testing, monitoring and protecting the enterprise.
- Investigate network and host detection and monitoring systems to advise engagement processes.
- Develop and execute Bash and Python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions.
- Participate in on-call rotation for after-hours security and/or engineering issues.
- Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions.
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods.
- Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection.
- Collaborate with incident response team to rapidly build detection rules as needed.
- Support 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage and response); review of and action on threat intel for IOCs and other operationally impactful information; initial review and triage of reported incidents.
- Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
- Monitor and triage security events received through alerts from the SIEM or other security tools; escalate to and support IR as appropriate.
- Perform IDS monitoring and analysis; analyze network traffic and logs; prioritize and differentiate between potential intrusion attempts and false alarms; review and report on anomalous patterns (hunting) across all security tools and the SIEM.
- Develop an in-depth understanding of customer and SOC operations requirements and policies.
- Ensure reports are properly entered into the tracking system.
- Perform customer security assessments.
- Support incident response or remediation as needed.
- Participate in, develop and run tabletop exercises.
- Perform lessons-learned activities.
- Support ad-hoc data and investigation requests.
- Compose reports, updates, security alert notifications or other artifacts and documents as needed.
Required Experience
- 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 3+ years of rule development and tuning experience.
- 1+ years of incident response experience.
Security operation Center - Gurugram, India - Incedo Inc.
Description
Security Operation Center (SOC) – L3/Tier 3 – Threat Hunter
Must-have skills:
- IBM QRadar Administration/L3
- SOAR hands-on
- Log Analysis
- Threat Hunting
- Incident Response
- Troubleshooting
- Certifications/Trainings
- Blue teaming
Experience: 7-12 years
24/7 operations
Location: Gurgaon
Notice period: immediate to 60 days
JD :