Security Operations Center - SOC

5 - 8 years

5 - 8 Lacs

Posted: 2 days ago | Platform: Foundit


Work Mode

On-site

Job Type

Full Time

Job Description

Responsibilities:

  • Cyber Security Event Review & Leadership:

    Review cyber security events analyzed by Level 2 security analysts and act as the team lead, serving as the escalation point for detection, response, and remediation activities.
  • Monitoring & Guidance:

    Monitor and guide the team in triaging cyber security events, prioritizing them, and recommending/performing appropriate response measures.
  • Technical Support:

    Provide expert technical support for various IT teams in response and remediation activities for escalated cyber security events/incidents from L2 analysts and stakeholders.
  • Incident Follow-up & Closure:

    Ensure all cyber security incident tickets are followed up diligently until full closure.
  • Analyst Guidance & Mentorship:

    Provide clear guidance and mentorship to L1 and L2 analysts in analyzing events and executing response activities.
  • Incident Response Expediting:

    Intervene and expedite Cyber incident response and remediation-related activities in case of any delays, coordinating effectively with various teams, including L1 and L2 team members.
  • Policy & Best Practice Review:

    Review and provide valuable suggestions during the preparation of information security policies and best practices for client environments.
  • SLA & Communication:

    Ensure that all Service Level Agreements (SLAs) and contractual requirements are met in a timely manner, maintaining effective communication with all stakeholders.
  • Reporting & Dashboards:

    Review Daily, Weekly, and Monthly dashboard reports and share them with relevant stakeholders, providing clear insights into security posture.
  • Documentation & Playbooks:

    Review all security-related documents, update playbooks, and maintain other standard operational procedures to ensure accuracy and relevance.
  • System Documentation Validation:

    Validate client systems and IT infrastructure documentation, ensuring all records are current and accurate.
  • Knowledge Sharing & Threat Intelligence:

    Share knowledge with team members on current security threats, trends in attack patterns, and new security tools.
  • Use Case Development & Validation:

    Review and create new use cases based on emerging attack trends. Validate these use cases through selective testing and logic examination.
  • Threat Detection Rule Development:

    Develop and maintain threat detection rules, parsers, and use cases to enhance the SIEM's detection capabilities.
  • Security Analytics Understanding:

    Possess a strong ability to understand security analytics and data flows across various SaaS applications and cloud computing tools.
  • SIEM Solution Deployment:

    Be capable of deploying SIEM solutions in customer environments.

Required Skills:

  • Core SOC Monitoring experience.

  • Proficiency with SOC tools such as FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella.
  • Strong experience in analyzing malicious traffic and building detections.
  • Experience in applications security, network security, and systems security.
  • Knowledge of MITRE or similar frameworks and adversary procedures.
  • Expertise with SIEM solutions (Securonix / Splunk / Sumo Logic / LogRhythm / ArcSight / QRadar).
  • Strong communication skills, both written and oral, capable of effectively communicating with internal teams and external stakeholders.
  • Experience working on SMB & large enterprise clients.
  • Good understanding of ITIL processes, including Change Management, Incident Management, and Problem Management.
  • Strong expertise on multiple SIEM tools & other devices found in a SOC environment.
  • Good knowledge in firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc.
  • Good understanding of raw Log formats of various security devices like Proxy, Firewall, IDS/IPS, DNS.
  • Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network topologies).
  • Knowledge of regex and parser creation.
  • Ability to mentor and encourage junior teammates.
  • Strong work ethic with good time management skills.
  • Coachability and dedication to consistent improvement.

Good to Have:

  • Master's degree.
  • Relevant certifications like CEH, CISA, CISM.
  • Be a key person for developing Thought Leadership within the SOC.

Acme Services

Industrial Machinery Manufacturing

malad-west Maharashtra
