Senior Security SOC Analyst (L3)

Year    Chennai, Tamil Nadu - Bangalore, Karnataka, India

Job Description


Job Title: Senior Security SOC Analyst (L3)
Location: Bangalore / Chennai
Experience: Above 10+ years
Skills: SIEM, LogRhythm / Sentinel, Azure administration, integration, automation, log collection, tool administration (LogRhythm), sizing, installation, engineering work, security tooling, fixes

The Senior Security SOC Analyst is responsible for a broad range of responsibilities with a primary emphasis on the 24/7 Security Operations Center: administration of the SIEM tool, integration of logs into the SIEM, creation of advanced correlation rules, incident response, log analysis, threat and event monitoring, and data loss prevention, contributing to the effective remediation of security incidents.

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Strong experience in SIEM tool implementation, configuration and management, with recommended tools such as LogRhythm and Azure Sentinel.
  • Develop security use cases; implement and set up correlation rules, reports, alerts and dashboards.
  • Integrate logs into the SIEM from firewalls, WAF, EDR, etc.
  • Manage, create and fine-tune rules and configuration in the SIEM.
  • Manage and oversee all technical functions such as upgrades, deployment and configuration.
  • Create and maintain a baseline for the log sources of all servers; integrate threat intelligence (TI) feeds.
  • Conduct and lead incident response activities (triage, root cause analysis, escalations, notifications, communication, etc.) resulting from information security incidents, consistent with incident response processes and procedures.
  • Perform in-depth data analysis on various data and media types through the application of advanced methods, tools and research techniques.
  • Respond to, report on and track security events reported to the SIEM, system and event logs, and other sources that require further analysis.
  • Facilitate and lead meetings or discussions pertaining to security issues or potential threats to determine necessary or improved defensive measures or response actions.
  • Provide SME leadership throughout the incident response lifecycle.
  • Establish and leverage external relationships to obtain cyber and InfoSec threats, with context for how they impact MFX and its clients.
  • Monitor internal and external threats; examine logs, events and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a breach of security or a degradation of the integrity or confidentiality of our systems and data.
  • Provide forensic support as needed or required for security incidents, potential or adjudicated.
  • Provide mentorship and technical guidance to less experienced security analysts.
  • Provide input, trends or analytical support to discover anomalous traffic, behaviours or patterns related to new threat activity, policy violations, etc.
  • Leverage scripting skills to develop tools for the automation of security processes using Python, Perl, Bash and PowerShell.
  • Work with a wide variety of security tools, both network and system based, as needed.
  • Participate in internal projects and initiatives, researching and recommending appropriate security solutions.
  • Document processes, policies, reports and procedures as required.

Knowledge and Skills

The successful candidate will have a proven track record of 10+ years in information security, derived from an all-round information technology background and SOC/SIEM experience, and will possess a combination of the following skills and competencies:

  • Good working knowledge of Windows operating systems, Linux, networking, LogRhythm, RSA NetWitness, troubleshooting and security strategies.
  • Solid understanding of additional security technologies and disciplines such as EDR, Palo Alto and Juniper firewalls, intrusion prevention, encryption, threat analysis and vulnerability assessment.
  • Comfortable with managing complex, enterprise-scale logging, including ensuring that reporting and alerting is appropriate.
  • Strong analytical, documentation and communication skills, both oral and written.
  • Good teamworking skills and the ability to work in a distributed global team environment.
  • Strong analytical and problem-solving skills.
  • Self-motivated, proactive and determined to achieve goals.
  • Proven business skills including effective oral and written communication, issue resolution, project management and self-motivation.
  • Experience with industry-recognised SIEM solutions such as LogRhythm and Azure Sentinel.
  • Relevant security certifications such as CEH, GIAC, GSEC, CISSP.

Technical Skills

  • Exposure to SIEM alert monitoring and management for multiple SIEM products.
  • Working knowledge of the following technologies:
      o SIEM tools, preferably LogRhythm and Azure Sentinel
      o Nessus vulnerability assessment
      o EDR, EPP, network security, cloud security, DLP, encryption, proxy
  • Understanding of alerts from other monitoring systems, e.g. DLP, WAF, anti-APT, DAM, etc.
  • Excellent knowledge of intrusion detection (deep TCP/IP knowledge and cyber security), various operating systems (Windows/UNIX) and web technologies (focusing on Internet security).
  • Ability to read and understand packet-level data.
  • Intrusion detection and prevention and network security products (IDS/IPS, firewalls, etc.); host security products (HIPS, AV, scanners, etc.).
  • Knowledge of cutting-edge threats and technologies affecting web application vulnerabilities and recent Internet threats.


Job Detail

  • Job Id
    JD3154044
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Chennai, Tamil Nadu - Bangalore, Karnataka, India
  • Education
    Not mentioned
  • Experience
    Year