Technical Specialist – MS, SOC - Hyderabad, India - NTT

Description

NTT is a leading global IT solutions and services organisation that brings together people, data and things to create a better and more sustainable future. In today's interconnected world, connections matter more now than ever. By bringing together talented people, world-class technology partners and emerging innovators, we help our clients solve some of the world's most significant technological, business and societal challenges. With people at the heart of our success, NTT is committed to attracting and growing the best talent and providing an environment where everyone feels they can belong and their contribution matters.

Want to be a part of our team?

Provides technical support to field engineers, technicians, and product support personnel who are diagnosing, troubleshooting, repairing, and debugging complex electro/mechanical equipment, computer systems, complex software, or networked and/or wireless systems. Responds to situations where first-line product support has failed to isolate or fix problems in malfunctioning equipment or software. Reports design, reliability, and maintenance problems or bugs to design engineering/software engineering. May be involved in customer installation and training. Provides support to customers/users where the product is highly technical or sophisticated in nature.

Working at NTT

The SOC L3 is responsible for providing service to clients by proactively identifying and resolving technical incidents and problems. Through preemptive service incident and resolution activities, as well as product reviews, operational improvements, operational practices, and quality assurance, this role will maintain a high level of service to clients. Their primary objective is to ensure zero missed service level agreement (SLA) conditions. The SOC L3 is responsible for managing tickets of low to high complexity.

Key Roles and Responsibilities:

• NG SIEM (SIEM+SOAR+UEBA) Tool Overall Administration, Management, Backup & Archival, Troubleshooting
• Upgrade/Update/Patching of NG SIEM Solution
• Monitor NG SIEM Console & Dashboards and provide response & support to remote SOC team for Incidents
• Support the day to day operation of deployed NG SIEM
• Perform initial analysis for known issues and provide the appropriate recommendations for closure
• Monitor & Reporting of system components health and take necessary action in case of any observed issue
• Provide notification and communication with Incident management and respective application team upon threat detection
• Perform analysis on the reported incidents, determine the root cause, and recommend the appropriate solution
• Integration of NG SIEM with IS infrastructure (Existing/Future) but not limited to like IPS, WAF, Patch Management, Firewall, Anti-APT solution, Antivirus, EDR, AD, ERP, DLP, VMT, Exchange, SharePoint, Network Devices, Web Services, Custom applications etc. & also on respective version upgrade(s)
• Develop appropriate use cases/playbooks/models/reports and alerts & develop custom parsers/connectors for integrating logs wherever necessary or required
• Integration of SIEM/SOAR/UEBA Tool with security/non-security solutions based on requirement & architecture and develop/modify appropriate use cases/rules, playbooks/models, reports and alerts
• Use and apply learnings from incident and provide recommendation for standardizing the NG SIEM Solution
• Reduction of False Positives by fine-tuning existing correlation rules/configuration/playbooks/models
• Automation with continuous improvements, Reduction in MTTR, MTTD
• Develop and implement processes for interfacing with operational teams and other supporting teams
• Ensure the NG SIEM integration is intact among the Client SOC solutions, other assets
• Design, create and customize the dashboards as per the client requirements

Threat Hunting Requirements

• Use algorithms and tools to actively hunt of attacks in large volume of data and create alerts that are passed on to analysts
• Define, develop, implement, update and maintain Hunting Framework which contains: Create Strategic Hunt Missions which are objective based to identify malicious activity that has not triggered an alert. Search for Indicators of Compromise received from Threat Intelligence and Analytics
• Create knowledge base of IOCs
• The service should able to detect threats from various attacks vectors such as malware, web application attacks, network attacks, watering hole attacks, DNS attacks, insider threat, and data exfiltration but not limited to. List the detection use cases which can detect above attacks using pre-built machine learning techniques and analytical models
• Analytics using machine learning techniques should use multiple sources to identify malicious activity. A minimum the following sources should be used but not limited to: IPS/IDS, Proxy, FW, WAF, Anti APT, EDR, AV, Internet/Mail gateway, Windows & Linux logs, DNS
• Bidder should have analytical models to detect different stages of Cyber Kill chain
• Network Threat Hunting should leverage existing network sources for better detection of advanced attacks. Network sources should include Net flow, Proxy, DNS, IPS, VPN, Firewall, WAF, AD/Windows, Email logs etc
• Network threat hunting should use AI on network sources and enable hunting for attacks including but not limited to Lateral Movement, Malware Beaconing, Data Exfiltration, Watering Hole, Targeted network attacks, Dynamic DNS attacks
• The service must be capable of identifying suspicious or hitherto undiscovered communication patterns to uncover hidden, advanced threats missed by automated, preventative and detective controls & detect suspicious trends. Service must support detection of newly discovered pattern in future
• The service should identify network traffic from potentially risky applications (e.g. file sharing, peer-to-peer, etc.)

Skills Summary

Automation Tools, Cloud Security, Firewalls, Local Area Network (LAN), Palo Alto Networks Prisma Access Secure Access Service Edge (SASE), Security Technologies, TCP/IP Networking, Threat Management

What will make you a good fit for the role?

Remote Type:

Equal Opportunity Employer

NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category

Join our growing global team and accelerate your career with us. Apply today.

A career at NTT means:

• Being part of a global pioneer – where you gain exposure to our Fortune 500 clients and world-leading global technology partners and work with a network of over 40,000 smart and diverse colleagues across 57 countries, delivering services in over 200 countries
• Being at the forefront of cutting-edge technology – backed with a 150-year heritage of using technology for good. With 40% of the world's internet traffic running on our network and where Emoji were first invented, you can be proud of the group's many new 'firsts'
• Making a difference – by doing meaningful work that helps to shape the future for our clients, and across industries and communities around the world
• Being your best self – in a progressive 'Connected Working' environment that promotes flexibility, connection, and wellbeing. Where diversity and different perspectives are embraced to ensure equal opportunities for all
• Having ongoing opportunities to own and develop your career – with a personal and professional development plan and access to the broadest learning offerings in the industry