Security Operations Center Analyst - SOC

Job Description :

SOC Security Analyst (L2) will be responsible for responsible for day-to-day security threat monitoring and analysis. You will manage security incidents and review security alerts. You will work on known or suspected security threats. You will also work on threat intelligence, forensics and incident response adhering to security practices and frameworks. You will be part of 24x7 Security Operations Centre (SOC) team. You will be required to work in shifts.

Job Responsibilities

• Experience of monitoring threats in a 24x7 Security Operation Center (SOC)
• Investigates and hunts for advanced threats.
• Correct root cause analysis as well identify suitable corrective steps.
• Perform deep packet analysis, collection of IOC (Indicator of Compromise).
• Collection of evidence, malware reverse engineering and write custom scripts whenever required.
• Co-coordinating with OEM for all the firmware upgrades, troubleshooting and other activities
• Threat mitigation and reporting are top priority for this position.
• Rule base Management, SOC Fine tuning and administer SIEM tools
• Manage and coordinate with team to accomplish daily operational tasks as per defined standard and Maintaining the SLA's.
• Identify vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls.
• Advanced working skills with Microsoft Sentinel, Qradar, LogRhythm, Arcsight and Splunk etc. Relevant certification is a plus. Good working knowledge with SOAR and EDR tools.
• Investigate and respond to security incidents. Document and report on information security issues
• Investigate, document, and report on information security issues and emerging trends
• Evaluate and implement SIEM use cases.
• Document and continuously improve playbooks.
• Monitor for threats, analyze, and escalate as per process.
• Analyze functional and technical cases and provide a resolution in accordance with agreed metrics.
• Track health of monitoring infrastructure
• Manage and support the log collection, security scanning, intrusion detection, proxy, mail gateway and other security technologies.
• Review, triage security alerts, provide analysis, suggest remediation, track remediation.
• Support in resolving security incidents.
• Monitor networks and systems for potential threats.
• Knowledge of network data flows, ports, protocols, and other network and application services / technologies.
• Respond to incidents by collecting, analyzing and preserving digital evidence to assist with remediation of critical information security incidents.
• Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment.
• Ability to write technical documentation and present technical briefings to diverse audiences.
• Strong understanding of threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware.
• Current knowledge of security threat intelligence and recent attack vectors
• Strong forensics analysis skills
• Knowledge on ITIL processes

Minimum Qualification & Background :

Skills Required

Security Operation Center, Forensics, Threat Intelligence