Job Description

:

Role Proficiency: Resolve L1 Incident and service requests within agreed SLA

Outcomes: 1) Monitor customer infrastructure using tools or defined SOPs to identify failures and mitigate the same by raising tickets with defined priority and severity2) Update SOP with updated troubleshooting instructions and process changes3) Mentor new team members in understanding customer infrastructure and processes4) Perform alert analysis for driving incident reduction5) Resolve L1 incidents and service requests

Measures of Outcomes: 1) SLA Adherence2) Compliance towards runbook based troubleshooting process3) Time bound elevations and routing of tickets - OLA Adherence4) Schedule Adherence in managing ticket backlogs5) # of NCs in internal/external audits6) Number of KB changes suggested7) Production readiness of new joiners within agreed timeline by one-on-one mentorship8) % Completion of all mandatory training requirements9) Number of tickets reduced by alert analysis 10) Number of installation SR handled for endpoints / change tasks completed for infrastructure 11) Number of L1 tickets closed

Outputs Expected: Monitoring: * Understand Priority and Severity based on ITIL practice. Understand agreed SLA with customer and adhere.

• Repetitive alert analysis for finding high ticket generating Cis. Adhere to ITIL best practices

Runbook Reference/Change: * Follow runbook for troubleshooting

record troubleshooting steps and provide inputs for runbook changes.
Escalation/Elevation/Routing of tickets: * Escalate within organization/customer peer in case of resolution delay.

• Understand OLA between delivery layers (L1

L2
L3 etc)
adhere to OLA
route the tickets to relevant queue
initiate intimation respective teams/customer based on defiled process.
Tickets Backlog/Resolution: * Follow up on tickets based on agreed timelines

manage ticket backlogs/last activity as per defined process.

• Resolve incidents and SRs within agreed timelines. Execute change tasks for infrastructure.

Collaboration: * Collaborate with different towers of delivery for ticket resolution (within SLA)

document learnings for self-reference.

• Close/resole L1 tickets with help from respective tower.

• Actively participate in team/organization-wide initiatives.

Installation: * Install software software/tools and patches

Stakeholder Management: * Lead the customer and vendor calls.

• Organize meetings with different stake holders. Participate in RCA meetings.

Process Adherence: * Thorough understanding of organization and customer defined process.

• Consult with mentor when in doubt.

• Adherence to defined processes.

• Adhere to organization\' s policies and business conduct.

Training: * On time completion of all mandatory training requirements of organization and customer.

• Provide On floor training and one-on-one mentorship for new joiners.

Performance Management: * Update FAST Goals in NorthStar

track
report and seek continues feedback from peers and manager.

• Set goals and provide feedback for mentees.

• Assist new team members to understand the customer environment.

Skill Examples: 1) Good communication skills (Written verbal and email etiquette) to interact with different teams and customers2) Networking:a. Good in Monitoring tools and Device back up schedulingb. Basic DHCP and DNS configuration in routers and switchesc. Basic troubleshooting skills in \'show ip route\' \'sh mac address-table\' etcd. Static and dynamic IP routing protocols basics3) Server:a. Basic to intermediate powershell / BASH/Python scripting skillsb. Manual patch of QA serverc. Analyse space alerts from a server and engage Capacity Mgmt. team for disc expansion4) Storage and Back upa. Ability to handle Storage and Backup issues independentlyb. Ability to handle Vendor management Device management Storage array managementc. Perform Hardware upgrades firmware upgrades Vulnerability remediationd. Ticket analysis Storage and backup Performance management various trouble shootings5) Database:a. Patching and upgrading the DB server and application toolsb. Tweak queries making them run as fast as possiblec. Logical and Physical Schema design (indexing constraints partitioning etc.)d. Ability to visualize debug the end-to-end flow of business transaction model and applicationse. DB migration export/import

Knowledge Examples: 1) Fair understanding of customer infrastructure ability to co-relate failures 2) Monitoring knowledge in infrastructure tools3) Networkinga. IP addressing and Subnetting knowledgeb. Preferably certified in Cisco\'s basic certification trackc. IOS upgradation knowledge and IOS patching knowledge4) Servera. Intermediate level knowledge in active directory DNS DHCP DFS IIS patch managementb. Strong knowledge in backup tools such as Veritas/Commvault/Windows backup storage concepts etcc. Strong Virtualization and basic cloud knowledged. AD group policy management group policy tools and troubleshooting GPO alertse. Basic AD object creation DNS concepts DHCP DFSf. Knowledge with tools like SCCM SCOM administration5) Storage and Backupa. In depth knowledge in Storage & Backup technology Storage allocation and reclamation Backup policy creation and managementb. Strong knowledge in server Network and virtualization technologies6) Toola. Knowledge in Infrastructure and application technologiesb. Understanding of monitoring concepts and processc. Understanding of key network monitoring protocols including SNMP NetFlow WMI syslog etcd. Knowledge in administration of tools like SCOM Solarwinds CA UIM Nagios ServiceNow etc7) Monitoringa. Good understanding of networking concepts and protocolsb. Knowledge in Server backup storage technologiesc. Desirable to have knowledge in SQL scriptingd. Knowledge in ITIL process8) Database:a. Knowledge of Database security9) Quality Analysisa. Exposure to FMEA audit practicesb. Exposure to technology/processes as per audit requirements.10) Working knowledge of MS Excel Word PPT Outlook etc.
Additional Comments:

Job Summary: In this role, you will be part of a team that is responsible for escalation point for suspect or confirmed security incidents. Responsibilities include performing forensic analysis, following security incident response best practices, malware analysis, identify indicators of compromise, support remediation or coordinate remediation efforts of a security incident, and develop documentation to support the security incident response process. Essential Functions/Responsibilities: \xe2\x80\xa2 Investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified \xe2\x80\xa2 Forensically analyse end user systems and servers found to have possible indicators of compromise \xe2\x80\xa2 Analysis of artifacts collected during a security incident/forensic analysis \xe2\x80\xa2 Identify security incidents through \'Hunting\' operations within a SIEM and other relevant tools \xe2\x80\xa2 Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including obtaining access to systems, digital artifact collection, and containment and/or remediation actions \xe2\x80\xa2 Provide consultation and assessment on perceived security threats \xe2\x80\xa2 Maintain, manage, improve, and update security incident process and protocol documentation \xe2\x80\xa2 Accurate and timely routing of verified compromises to the appropriate IT operations teams for further analysis and remediation \xe2\x80\xa2 Appropriate escalation of incidents as defined in the established operating procedures \xe2\x80\xa2 Identify compromised computers using logs, live response, and related computer centric evidence sources \xe2\x80\xa2 Regularly provide reporting and metrics on case work \xe2\x80\xa2 Resolution of security incidents by identifying root cause and solutions \xe2\x80\xa2 Analyse findings in investigative matters, and develop fact-based reports \xe2\x80\xa2 Be On-Call to deliver global incident response \xe2\x80\xa2 Strong understanding of network communications (TCP/IP networks, HTTP basics) \xe2\x80\xa2 Strong oral and written communication skills Skills: \xe2\x80\xa2 Foundational understanding tactics used by APT, Cyber Crime and other associated threat group \xe2\x80\xa2 Previous operational experience in a CSIRT, CIRT, SOC, or CERT \xe2\x80\xa2 Expert understanding of network communications (TCP/IP fundamentals, HTTP basics) \xe2\x80\xa2 Expert understanding of multiple operating systems such as Linux, Solaris, BSD, or Windows \xe2\x80\xa2 Resolution of security incidents by identifying root cause and solutions \xe2\x80\xa2 Analyse findings in investigative matters, and develop fact-based reports \xe2\x80\xa2 Demonstrated integrity and judgment within a professional environment \xe2\x80\xa2 Ability to appropriately balance work/personal priorities \xe2\x80\xa2 Security Incident Management - analysis, detection, and handling of security events \xe2\x80\xa2 Practical experience with security incident response \xe2\x80\xa2 Comprehension of how attacks exploit operating systems and protocols \xe2\x80\xa2 Must understand how to analyse network traffic for suspicious and malicious activity \xe2\x80\xa2 Hands-on experience with other security technologies: \xe2\x80\xa2 Next-Gen Intrusion Detection Systems - FireEye, Damballa, or Palo Alto WildFire \xe2\x80\xa2 Security Information & Event Management (SIEM) - Azure Sentinel, ArcSight, Splunk, QRadar, Sumo Logic etc \xe2\x80\xa2 Packet capture technologies - NetWitness, Solera, Moloch, or at a minimum, WireShark or tcpdump \xe2\x80\xa2 Scripting experience with one or more of the following: KQL, PERL, Bash, PowerShell, Python \xe2\x80\xa2 Ability to write technical documentation and present technical briefings to varying audiences \xe2\x80\xa2 Ability to work with a globally distributed team and rely heavily on electronic communication Desired Skills: \xe2\x80\xa2 Experience with IT network communications troubleshooting (netflow, WireShark, traffic analysis) \xe2\x80\xa2 Foundational understanding tactics used by APT, Cyber Crime and other associated threat group \xe2\x80\xa2 Experience with IT security technical controls (AV, Snort, firewall, syslog, SIEM, , ArcSight, Splunk) \xe2\x80\xa2 Experience with host-centric malware detection, identification, and response \xe2\x80\xa2 Previous operational experience in a CIRT, SOC, or CERT \xe2\x80\xa2 Experience with the Cyber Kill Chain framework Education & Experience: \xe2\x80\xa2 5+ years of information security experience is required; At least 3 years\' experience in security monitoring, digital forensic analysis, or incident response is preferred. \xe2\x80\xa2 A Bachelor of Arts or Sciences Degree is required, or equivalent experience. \xe2\x80\xa2 Demonstrated ability to have completed multiple, moderately complex technical tasks.

UST Global