Consultant Cyber Security Analyst

Hyderabad, Telangana, India

Job Description

Responsibilities

Security Operations Centre (T5) - Experience: 10 years. Must be ready to work in a 24x7x365 environment with rotating shifts.

  • Must have hands-on experience handling security incident investigation and response in cloud environments (AWS, Azure). The role involves monitoring, investigating end-to-end and responding in real time to security incidents targeting cloud infrastructure, services and applications.
  • Strong cloud platform proficiency: should be well versed in platforms such as AWS and Azure, which is essential for handling security incidents in the cloud.
  • Should use the SIEM and other cloud log sources (e.g. AWS CloudTrail, Azure Activity Log) to analyze logs and identify anomalies.
  • Continuously monitor and respond promptly to cloud and on-premises security incidents.
  • Helps resolve high-priority incidents and acts as the focal point for technical escalations from team members.
  • Determines the root cause and prepares a summary report when required.
  • Proactively takes indicators from the current threat landscape and uses them for threat hunting and/or for control or detection recommendations.
  • Documents and guides the team on the appropriate prioritization of qualified incidents, alert triage, and qualification of alerts into incidents or false positives.
  • Splunk:
    • Basic understanding of and exposure to Splunk; should be able to write searches (SPL) and pull out the required logs.
    • Ability to understand correlation searches and analyze the required logs for investigations.
    • Ability to create the required dashboards, reports and saved searches.
  • Should act as the single point of contact for the team for cloud security incidents (including data breach/exfiltration, malware, etc.).
  • Should be proficient in investigating intrusion attempts and performing in-depth analysis of exploits.
  • Responsible for malware analytics, investigating events similar in complexity to Bash attempts and SQL injection.
  • Must have extensive experience with phishing incidents. Should have good exposure to a SIEM, preferably Splunk.
  • Should have expertise in TCP/IP network traffic and event log analysis. Cloud and network security: understanding protocols and cloud architecture is crucial for incident investigation and response.
  • Ability to perform critical analysis, resolve issues independently, and distinguish true positives from false positives.
  • Should be able to contribute to response activities (containment and mitigation) to address potential security incidents and breaches effectively, minimizing impact on operations, and recommend changes to security systems to improve the existing security posture.
  • Cross-team collaboration with other IT teams to ensure a coordinated response to security incidents.
  • Should help develop documentation, including SOPs, playbooks and runbooks.
  • Ensures the quality and accuracy of junior analysts' tickets by completing ticket reviews.
  • Researches security trends and new methods and techniques used to gain unauthorized access to data, in order to proactively reduce the likelihood of a system breach and to ensure compliance with regulations and privacy laws.
  • Keeps abreast of cyber threat advisories on global threats and critical vulnerabilities; recommends actions to be taken based on the environment.
Qualifications
Nice to have:
  • Familiarity with basic system administration and scripting languages, e.g. PowerShell, batch, bash (and its various flavors/variations), and other programming/query languages such as Java and Python
  • AWS Certified Security - Specialty
  • GCIH - GIAC Certified Incident Handler



Job Detail

  • Job Id
    JD4460962
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Hyderabad, Telangana, India
  • Education
    Not mentioned
  • Experience
    Year