Subject Matter Expert - Pune, India - SecurityHQ

SecurityHQ
Pune, India

3 weeks ago

Posted by: Deepika Kaur, beBee Recruiter


Description

Job Description:

The primary function of an SME is to ensure that the SOC team is performing its functions as
required and to troubleshoot problematic incidents and events.


Responsibilities:


  • Work collaboratively with Account Manager for Client relations
  • Track incident detection and closure.
  • Execute risk hunting activities
  • Undertake forensic investigations
  • Generate intelligence advisories and delegate intelligence aggregation tasks to L
  • Generate new use cases for emerging threats
  • Conduct incident response coordination with customer
  • Validation of security incidents
  • Conduct audits of logging and correlation
  • Conduct monthly security use case review and correlation audits
  • Use of sandbox, honeypot, analytics tools and security testing
  • Escalation Management
  • Ensure process compliance
  • Ensure quality of investigations and notification and direct L2 and L1 accordingly
  • Report deviations to SOC manager
  • Ensure SLA compliance for projects within remit
  • Perform deep analysis to security incidents to identify the full kill chain
  • Setup weekly meeting to review the weekly reports with the client
  • Respond to client's requests, concerns and suggestions
  • Provide knowledge to L1 and L2 such as guides, cheat sheets etc
  • Follow up with the recommendations to the client to contain an incident or mitigate a threat

  • Conduct presentations and updates to the client
  • Respond to incident escalations and provide solid recommendations
  • Update aging incidents and requests
  • Track SOC performance in terms of SLAs and incidents quality
  • Review vulnerability assessment reports with the client and provide necessary recommendations

  • Configure and maintain vulnerability scanners policies and reports
  • Conduct threat hunting exercises on SIEM and EDR platforms (Windows/Linux) and wireless infrastructure

  • Develop and improve processes for monitoring and incident qualification
  • Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI management

  • Participate in professional services (internal and external penetration testing, wireless audits, social engineering exercises, security awareness programs etc.)

  • Perform threat intelligence analysis and investigations. Search on the darkweb and using other platforms such as RF to identify intelligence indicators or threats for a specific client

  • Create reports for threat intelligence as a service

Essential Skills

  • Experience with Security Information Event Management (SIEM) tools, creating advanced correlation rules, administration of SIEM, system hardening, and Vulnerability Assessments

  • Should have expertise on TCP/IP network traffic and event log analysis
  • Knowledge and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO, NetIQ Sentinel or any SIEM tool

  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management
  • Configuration and troubleshooting experience on Check Point, Cisco, FortiGate, Palo Alto and SonicWall firewalls would be an added advantage

  • Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products

Education Requirements & Experience

Bachelor's in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent University degree

  • Minimum of 6 to 10 years of experience in the IT security industry, preferably working in a SOC environment

  • Certifications: GCIH, CCNA, CCSP, CEH

Location

Pune - Baner

Additional Desired Skills

  • Strong verbal and written English communication
  • Strong interpersonal and presentation skills
  • Ability to work with minimal levels of supervision
  • Willingness to work in a job that involves 24/7 operations
