Deputy Manager

Noida, Uttar Pradesh, India

Job Description


Description

  • Job location: Noida
  • Notice period: 1 month
  • Education: University degree in Computer Science/IT

Experience/Qualifications

  • 5+ years' experience in Information Security
  • 3+ years' experience in managing the SOC
  • Knowledge of industry recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.)
  • Knowledge of Cloud Computing Fundamentals, EDR, DLP, Firewall
  • Thorough understanding of fundamental security and network concepts (operating systems, intrusion/detection, TCP/IP, ports, etc.)
  • Strong problem-solving and analytical skills, initiative driven, result oriented and ability to lead a technical team
  • Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously

Responsibilities

  • Provide technical and functional support to the L1 team with analytical feedback
  • Responsible for incident investigation, evidence collection, diagnosis, recovery within defined SLA and closing incidents
  • Understand information security policies and best practices in Birlasoft environments
  • Inform the L3 team of proactive and reactive actions to ensure adherence to security policy
  • Review and understand collected metrics from monitoring systems and be aware of patterns and anomalies
  • Accept, manage and update Ignite platform service requests and incidents to ensure contracted Service Level Agreements are met
  • Perform incident response, with a primary focus on eliminating the threat to the network and determining the cause of the security incident while preserving evidence for further analysis
  • Ensure incidents are handled in a manner that is consistent with established playbooks
  • Monitor SIEM and logging for alerts of potential network threats, intrusions and/or compromises
  • Responsible for understanding the global threat environment and general security best practices
  • Assist with triage of service requests from automated sensors and internal requests for assistance
  • Participate in active cyber hunting to identify and eliminate known and unknown network threats
  • Interface with technical personnel from various disciplines to rapidly resolve critical issues
  • Appropriately inform and advise leadership of incidents and propose effective response and/or countermeasures for containment
  • Participate in knowledge sharing with other security engineers and partners
  • Identify, document, and recommend new or revised incident response playbooks
  • Drive continuous improvement of processes and procedures to improve analysis, detection, and mitigation of incidents in support of the overall Cyber Defense mission
  • Create and drive action plans to address recurring or ongoing information security incidents
  • Develop and maintain reporting metrics used to measure team performance; ensure analyst adherence to processes/procedures for operational consistency; identify process improvements; coaching, training, and professional development of the staff
  • Participate in the planning and implementation of information security technology projects
  • Serve as point-person and subject matter expert for issues and projects related to Cyber Security Counter Threat Operations
  • Ability to work either in-office or remotely with minimal supervision, and to prioritize intake via multiple methods including SIEMs, email, chat, text messages and telephone calls
  • Collaborate as appropriate with leadership and other key stakeholders
  • Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so.

Technical skills

  • Understanding of SOC/SIEM operation
  • Understanding of Cloud Security Platform

Certifications

  • Certification (Mandatory)
  • Certifications (Optional): AZ 303

Required Qualifications

  • Undergraduate degree or equivalent experience
  • Knowledge of industry recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.)
  • Scripting experience with any of the following: C+, Python, PowerShell, Bash, or Java
  • Knowledge of Cloud Computing Fundamentals
  • Thorough understanding of fundamental security and network concepts (operating systems, intrusion/detection, TCP/IP, ports, etc.)
  • Willing to work in a team-oriented 24/7 SOC environment, with the flexibility to work on a rotating schedule (including occasional shift work)

Preferred Qualifications

  • BS in Computer Science, Computer Engineering, Cyber Security, Forensics and/or equivalent work experience
  • Security certifications (e.g. Security+, CCNA Cyber Ops, GCIA, GCIH, CEH, CySA+, OSCP, etc.)
  • Experience with network monitoring in a SOC environment
  • Experience in various cloud security solutions (Guard Duty, Sentinel, Prisma and Security Command Center)
  • Experience and knowledge conducting cyber threat analysis originating from phishing emails
  • Previous experience working with network tools and technologies such as firewalls (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
  • Efficient triage and documentation during incident response to effectively brief teammates, shift lead and supervisory levels



Job Detail

  • Job Id
    JD3021621
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Noida, Uttar Pradesh, India
  • Education
    Not mentioned
  • Experience
    Year