Security operation Center - Gurugram, India - Incedo Inc.

    Description
    Security Operation Center (SOC) – L3/Tier 3 – Threat Hunter

    Must have skills:
    • IBM QRadar Administration/L3
    • SOAR hands on
    • Log Analysis
    • Threat Hunting
    • Incident Response
    • Troubleshooting
    • Certifications/Trainings
    • Blue teaming

    Experience: 7-12 yrs
    24/7 Operations
    Gurgaon Location
    Notice period (NP): Immediate to 60 days


    JD :

    • Role and responsibilities:
    • Participate in a rotating SOC on-call; rotation is based on the number of team members.
    • Provide first-line SOC support with timely triage, routing and analysis of SOC tasks.
    • Researches, develops, and monitors custom visualizations.
    • Researches, analyzes, and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives.
    • Tunes and develops SIEM correlation logic for threat detection.
    • Ensures documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style.
    • Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
    • Produce and review aggregated performance metrics.
    • Perform Cyber Threat Assessment and Remediation Analysis
    • Processing, organizing, and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data.
    • Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threats, Rules of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise.
    • Investigate network and host detection and monitoring systems to advise engagement processes.
    • Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions.
    • Participate in on-call rotation for after-hours security and/or engineering issues.
    • Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions.
    • Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods.
    • Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection.
    • Collaborate with incident response team to rapidly build detection rules as needed.
    • Responsible for supporting 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis/triage/response); review of and action on Threat Intel for IOCs and other operationally impactful information; initial review and triage of reported incidents.
    • Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
    • Monitoring/triage security events received through alerts from SIEM or other security tools; escalate and support to IR as appropriate.
    • IDS monitoring and analysis; analyze network traffic and logs; prioritize and differentiate between potential intrusion attempts and false alarms. Review and report on anomalous patterns (Hunting) across all security tools / SIEM.
    • Develop an in-depth understanding of customer and SOC operations requirements and policies.
    • Ensure reports are properly entered into the tracking system.
    • Perform customer security assessments.
    • Supporting incident response or remediation as needed
    • Participate and develop and run tabletop exercises.
    • Perform lessons learned activities.
    • Supporting ad-hoc data and investigation requests
    • Composing reports, updates, security alert notifications or other artifacts and documents as needed

    Required Experience
    Minimum of nine (9) years technical experience

    • 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
    • 3+ years of rule development and tuning experience
    • 1+ years of Incident response