Cyber Defence

Year    Mumbai, Maharashtra, India

Job Description




Cyber Defence – Global Security Operations Centre (GSOC) Associate

Mumbai, IN
January 11, 2024


As part of Information and Cyber Security – Global Security Operations Centre (GSOC), you will be delivering security operations services, responding to incidents, assessing trending and evolving threats, and assisting with ongoing improvements to the service. You will be working within the GSOC team and will co-ordinate with business teams and IT leaders, clients and partners to build an effective security capability, including people, processes and new technologies, to protect critical data and technology assets from all threats. With exceptional technical prowess, a calm approach under pressure, and a genuine passion for security, you will also be an exceptional communicator, explaining our cyber defense posture, highly technical concepts, and approach to our stakeholders.

Skills

  • Solid understanding of SIEM technologies and data storage technologies.
  • High level of ability with Kusto Query Language.
  • Proficiency in scripting where it is applicable and useful to security operations, analysis, and automation.
  • Excellent skills in understanding and analysing logging outputs from any system, such as but not limited to networking devices, operating systems, endpoints, firewalls, IDS/IPS, web-based applications, IoT, ICS, databases, and associated middleware.
  • Knowledge of other SIEMs, security tools, frameworks, kill chains, and techniques, such as Wireshark, SysInternals, RedLine, KAPE, Velociraptor, Lockheed Martin kill chain, Splunk, Pyramid of Pain, Highlighter, etc.
  • Proven ability to work in a global collaborative group environment and virtual team.
  • Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales.
  • Strong communication skills, both oral and written.
  • Team player with good interpersonal skills.
  • Strong ability to document, as well as being organised and methodical.
  • Ability to communicate technical concepts to nontechnical teammates.
  • Proven experience working with a Security Incident and Event Management solution as an analyst.
  • Excellent analytical logic and problem-solving skills, as well as ability to follow process.
  • Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement.

Knowledge/Experience: Essential

  • Demonstrable knowledge of Kusto Query Language, and how it applies in O365 Defender/MDE/MDI/Log Analytics/Sentinel/Azure Data Explorer, or how to translate from other query languages such as Lucene, Kibana, Elastic, Splunk, Sigma, or ArcSight to Kusto.
  • Good understanding of security threats, risks and countermeasures and how they might be applied to extend our defences.
  • Comfortable conducting SIEM investigations specifically with Microsoft products.
  • Technical understanding including TVM, DLP, APT, SIEM, perimeter security, content filtering, network/packet flows, IPS/IDS, etc.
  • In-depth understanding of currently supported versions of Microsoft Windows Server and Active Directory, as well as products such as SCCM and SCOM.
  • Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape.
  • Deep understanding and knowledge of MITRE ATT&CK, MITRE D3FEND, and NIST Cyber Security.
  • Provable hands-on experience working as part of a Security Operation Centre (or similar) function with enterprise level architecture.
  • Thorough understanding of network protocols, data on the wire, covert channels, ciphers and shell scripting, and how to find those when investigating security incidents.

Knowledge/Experience: Beneficial

  • Experience in other areas of Cyber Security (Data Loss Protection, Vulnerability Management, Threat Intelligence, Access Management, Consulting).
  • Citrix, Checkpoint, Cisco, Bluecoat, McAfee, Symantec security technologies.
  • Web application security controls.


Job Detail

  • Job Id
    JD3228193
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Mumbai, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year