SOC L2 Proofpoint - Bengaluru, India - LTIMindtree

    LTIMindtree Bengaluru, India

    Description
    Immediate joiners preferred.

    The Tier 2 Analyst will perform Proofpoint-related activities:

    - Monitoring of Proofpoint email alerts coming to the common DL (Distribution List)
    - Analysis and investigation of the Proofpoint alerts to identify true positives that need to be acted upon
    - Based on the analysis, take the necessary remediation steps depending upon the level of access given to the Proofpoint tool (e.g. whitelist sender, blacklist sender, quarantine email, release from quarantine, etc.)
    - Escalate to next-level support (Tier 2 / Tier 3) if the required access is not available or if the alert needs more detailed investigation and troubleshooting
    - Update the user about the action taken
    - Document the alert investigation for records and reporting

    SIEM (the current tool, Splunk, is being migrated to Sentinel):

    - Monitoring of events on the SIEM console
    - Initial response to the events: analysis and investigation to identify true positives
    - Push the event for incident creation (automated incident creation on Archer)
    - Document the remediation steps in the incident ticket
    - If the required access is available on the relevant tool or device (e.g. server, firewall, Active Directory, DNS, proxy, etc.), then execute the remediation steps to the extent the access is given
    - If the required access is not available, triage the ticket to the respective resolution team and coordinate with them for ticket closure
    - Documentation and reporting