Job Description

JOB DESCRIPTION Role Proficiency: Monitor cyber security alerts for our global customers in a 24x7x365 operations team under supervision of Team Lead / senior members of the team. Outcomes: Under supervision of senior team members ensure that cyber security alerts from the SIEM and multiple sources are dealt with as per SLA. Seek support of senior members of the team in case of new type incident type or higher complexity. Respond independently to low and medium complexity incidents Follow documented playbook to ensure consistent and repeatable response to alerts. Ensure Documentation including in CDC / SIEM work log as predefined / agreed standards. Learn from review process for continuously improvement. Communicate and escalate as per defined process. Seek advice from senior members of the team when in doubt. Put forward topics for inclusion or upgrade in the playbook to the attention of the senior team members. Assist the lead in the review process for junior team members. Adhere to defined SOC processes including housekeeping tasks. Adhere to the Information Security policies as defined by the company and customer. Measures of Outcomes: Adhere to SLA as agreed with the customer. Productivity (Number of alerts addressed) Quality - Percent of tickets that met quality norms Adhere to process - Nil NC during audits Evidence of skill development including training certification etc. Outputs Expected: Cyber Security Monitoring: Work in accordance with the Playbook / under supervision of the team lead to monitor alerts in the CDC Platform / SIEM Tool. etc. Ensure appropriate response in line with the SLA. Cyber Security Incident Management: Work in accordance with the Playbook under supervision of the team lead to process alerts through analysis triage and resolution. Communicate and escalate as per defined process In accordance with the Playbook under supervision of the team lead complete documentation including annotation in CDC / SIEM work log to ensure audit trail as per defined standards and quality requirements. In accordance with the Playbook under supervision of the team lead ensure that various reports are created and published to stakeholders Continuous Learning innovation and optimization: Ensure completion of learning programs as suggested by Managers Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals. Provide suggestions for playbook upgrade Team Work: Assist junior team members where possible. Skill Examples: User level skills in use of CDC SIEM and other relevant tools. Ability to identify Use Cases Use Case and Process Improvement suggestions to the Team Lead for consideration Excellent logical problem-solving ability and analytical skills for incident triage and analysis Good oral and written communication skills. Continually learn new technology and stay updated on cyber threats. Ability to work in rotating shifts and also be on-call outside of shift hours on a regular and recurring basis. Possess unimpeachable personal and professional integrity. Individuals will be required to submit to a background check. Knowledge Examples: Knowledge Examples 1 to 3 years experience in SOC operations with SOC of global organization. University Degree in Cyber Security (no back papers) / Bachelor\'s in Science or Engineering with training in cyber security Proficient in Cybersecurity Incident Management process. Up to date in cyber security alerts and incidents intermediate understanding of enterprise IT Infrastructure including Networks Firewalls OS Databases Web Applications etc. Understanding of ISMS principles and guidelines relevant frameworks (e.g. ISO27001) Desirable - Training / Certification in Ethical Hacking SIEM Tool etc. Additional Comments: Advanced monitoring of system logs, SIEM tools and network traffic for unusual or suspicious activity. SIEM (Security Information and Event Management): Setting up various SIEM solutions and troubleshooting connectivity issues. Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions. Collate security incident and event data to produce monthly exception and management reports. Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes. Develop and maintain documentation for security systems and procedures. Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach. Analysis and review of logs and cyber event alerts Investigate suspicious security event activity, security breaches and other cyber security incidents Assess damage, document findings and recommendations Work with security team to perform tests and uncover network vulnerabilities Maintain and enforce adherence to corporate procedures, standards and policies Maintain and update functionality and procedures of the documentation Keep up to date with latest security information and threat intelligence Research the latest information technology (IT) security trends Validate security analysis and identify latest capabilities of the monitoring technologies Research and understand the currently published vulnerabilities of enterprise hardware, software, operating systems, appliance, and applications etc Gather and distribute technical information pertaining to new security threats and vulnerability trends Produce reporting and documentation to customers, internal team and management Experience & Qualifications Required Experience working with different Siem vendors like Qradar, Archsight, RSA, Logrythem Experience in incident response, writing procedures runbooks and playbooks Ability to work with customer\'s IT and security teams as well as directors\' level.

foundit