Job Description

:
Responsibilities
Security Operations Centre T4 - Experience 7 - 9 yrs. * Ready to work in 24*7*365 environment.

• Must have hands on experience in handling security incidents investigations and response in the cloud environment (AWS, Azure). Role will involve monitoring, investigating end-to-end and responding to the real time security incidents targeting cloud infra/services/applications.
• Strong Cloud Platform Proficiency - should be well verse with platform like AWS and Azure which is essential for dealing with the security incidents in cloud
• Should utilize SIEM and other cloud log sources to analyze logs and identify anomalies.
• Splunk:
• Basic understanding and exposure to Splunk, should be able to query and pull out the required logs.
• Ability to understand co-relation search, analyze the required logs for investigations.
• Ability to create required dashboards/reports/searches.
• Should act as a single point of contact for the team for cloud security incidents. (including data breach/exfiltration, malware, etc..)
• Should be good with Investigation of intrusion attempts and perform an in-depth analysis of exploits
• Responsible for malware analytics by investigating events similar in complexity to Bash attempts and SQL injections.
• Must have extensively worked on Phishing incidents. Should have good exposure on SIEM preferably Splunk.

• Should have expertise on TCP/IP network traffic and event log analysis. Cloud and Network Security - understanding protocols and cloud architecture is crucial for incident investigation and response.
• Ability to perform critical analysis and resolve issues independently and differentiate false positives.
• Should be able to contribute to the response activities (contain and mitigate) to address potential security incidents/ breaches effectively, minimizing impact on operations and recommends changes to enhance security systems to improve existing security posture.
• Cross collaboration with other IT teams to ensure coordinated response to security incidents.
• Should help to develop documentation which includes SOPs, playbooks and runbooks.
• Ensure quality and accuracy of junior analysts tickets by completing ticket reviews.
• Researches security trends, new methods and techniques used in unauthorized access of data in order to proactively eliminate the possibility of a system breach and to ensure compliance with regulations and privacy laws.
• Keep abreast of Cyber Threat Advisories on global threats and critical vulnerabilities; Recommend actions to be taken based on the environment.

• Familiarity with basic system administration and scripting languages e.g. PowerShell, batch, bash (and it's various flavors/variations) and other programming/query languages like Java, Python
• AWS Certified Security - Specialty
• GCIH - GIAC Certified Incident Handler