Security Operations Center - SOC

5-8 Years
  • Posted 13 days ago
  • Over 50 applicants

Job Description

Responsibilities:

  • Cyber Security Event Review & Leadership: Review cyber security events analyzed by Level 2 security analysts and act as the team lead, serving as the escalation point for detection, response, and remediation activities.
  • Monitoring & Guidance: Monitor and guide the team in triaging cyber security events, prioritizing them, and recommending/performing appropriate response measures.
  • Technical Support: Provide expert technical support for various IT teams in response and remediation activities for escalated cyber security events/incidents from L2 analysts and stakeholders.
  • Incident Follow-up & Closure: Ensure all cyber security incident tickets are followed up diligently until full closure.
  • Analyst Guidance & Mentorship: Provide clear guidance and mentorship to L1 and L2 analysts in analyzing events and executing response activities.
  • Incident Response Expediting: Intervene and expedite Cyber incident response and remediation-related activities in case of any delays, coordinating effectively with various teams, including L1 and L2 team members.
  • Policy & Best Practice Review: Review and provide valuable suggestions during the preparation of information security policies and best practices for client environments.
  • SLA & Communication: Ensure that all Service Level Agreements (SLAs) and contractual requirements are met in a timely manner, maintaining effective communication with all stakeholders.
  • Reporting & Dashboards: Review Daily, Weekly, and Monthly dashboard reports and share them with relevant stakeholders, providing clear insights into security posture.
  • Documentation & Playbooks: Review all security-related documents, update playbooks, and maintain other standard operational procedures to ensure accuracy and relevance.
  • System Documentation Validation: Validate client systems and IT infrastructure documentation, ensuring all records are current and accurate.
  • Knowledge Sharing & Threat Intelligence: Share knowledge with team members on current security threats, trends in attack patterns, and new security tools.
  • Use Case Development & Validation: Review and create new use cases based on emerging attack trends. Validate these use cases through selective testing and logic examination.
  • Threat Detection Rule Development: Develop and maintain threat detection rules, parsers, and use cases to enhance the SIEM's detection capabilities.
  • Security Analytics Understanding: Understand security analytics and the data flows that feed them across SaaS applications and cloud platforms.
  • SIEM Solution Deployment: Be capable of deploying SIEM solutions in customer environments.

Required Skills:

  • Core SOC Monitoring experience.
  • Proficiency with SOC tools such as FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella.
  • Strong experience in analyzing malicious traffic and building detections.
  • Experience in applications security, network security, and systems security.
  • Knowledge of MITRE or similar frameworks and adversary procedures.
  • Expertise with SIEM solutions (Securonix / Splunk / Sumo Logic / LogRhythm / ArcSight / QRadar).
  • Strong communication skills, both written and oral, capable of effectively communicating with internal teams and external stakeholders.
  • Experience working with SMB and large enterprise clients.
  • Good understanding of ITIL processes, including Change Management, Incident Management, and Problem Management.
  • Strong expertise on multiple SIEM tools & other devices found in a SOC environment.
  • Good knowledge of firewalls, IDS/IPS, AV, EDR, proxy, DNS, email, AD, etc.
  • Good understanding of raw Log formats of various security devices like Proxy, Firewall, IDS/IPS, DNS.
  • Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network topologies).
  • Knowledge of regex and parser creation.
  • Ability to mentor and encourage junior teammates.
  • Strong work ethic with good time management skills.
  • Coachability and dedication to consistent improvement.
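The regex/parser and detection-building skills asked for above are the kind of thing an L3 candidate is typically asked to demonstrate on a whiteboard. The following is an added illustration, not part of the posting and not tied to any of the products named in it: two small regex parsers over constructed syslog-style firewall and DNS resolver lines (the line formats, field names and thresholds are this example's own assumptions, not a vendor schema), a normalisation step that tracks unparsed lines (a parser that silently drops lines is a detection gap), and two use cases run over the parsed events: a port-scan rule (one source denied on many distinct destination ports of one host) and a DNS tunneling/DGA indicator (one client querying many distinct subdomains of one parent domain).

```python
import re
from collections import defaultdict

# Constructed sample lines (not captured from any real device). The firewall
# lines mimic a syslog-style DENY/ALLOW record; the DNS lines mimic a resolver
# query log. The last line is deliberately malformed to exercise the
# unparsed-line path.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw01 kernel: DENY TCP 10.0.0.5:51234 -> 192.168.1.10:21
2024-05-01T10:00:01Z fw01 kernel: DENY TCP 10.0.0.5:51235 -> 192.168.1.10:22
2024-05-01T10:00:02Z fw01 kernel: DENY TCP 10.0.0.5:51236 -> 192.168.1.10:23
2024-05-01T10:00:02Z fw01 kernel: DENY TCP 10.0.0.5:51237 -> 192.168.1.10:25
2024-05-01T10:00:03Z fw01 kernel: DENY TCP 10.0.0.5:51238 -> 192.168.1.10:80
2024-05-01T10:00:03Z fw01 kernel: ALLOW TCP 10.0.0.9:40000 -> 192.168.1.20:443
2024-05-01T10:00:04Z fw01 kernel: DENY UDP 10.0.0.9:40001 -> 192.168.1.20:161
2024-05-01T10:00:05Z dns01 named: client 10.0.0.7#53412: query: www.example.com IN A
2024-05-01T10:00:05Z dns01 named: client 10.0.0.7#53413: query: 4f9a1c.tun.example.net IN TXT
2024-05-01T10:00:06Z dns01 named: client 10.0.0.7#53414: query: 9b2e7d.tun.example.net IN TXT
2024-05-01T10:00:06Z dns01 named: client 10.0.0.7#53415: query: c81f03.tun.example.net IN TXT
2024-05-01T10:00:07Z dns01 named: client 10.0.0.7#53416: query: 7aa0e9.tun.example.net IN TXT
this line matches no parser and must be reported as unparsed
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Parser 1: firewall connection record (assumed format, anchored start to end).
FW_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<host>\S+) kernel: (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    rf"(?P<src_ip>{IPV4}):(?P<src_port>\d+) -> (?P<dst_ip>{IPV4}):(?P<dst_port>\d+)$"
)
# Parser 2: resolver query record (assumed format).
DNS_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<host>\S+) named: client (?P<src_ip>{IPV4})#(?P<src_port>\d+): "
    rf"query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)$"
)


def parse_line(line):
    """Normalise one raw line into an event dict; None if no parser matches."""
    m = FW_RE.match(line)
    if m:
        ev = m.groupdict()
        ev["type"] = "firewall"
        ev["src_port"], ev["dst_port"] = int(ev["src_port"]), int(ev["dst_port"])
        return ev
    m = DNS_RE.match(line)
    if m:
        ev = m.groupdict()
        ev["type"] = "dns"
        ev["src_port"] = int(ev["src_port"])
        ev["qname"] = ev["qname"].rstrip(".").lower()  # canonical form for grouping
        return ev
    return None


def parse_logs(text):
    """Return (events, unparsed_lines). Unparsed lines are kept, not dropped."""
    events, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed


def detect_port_scan(events, min_ports=5):
    """Use case: one source DENIED on >= min_ports distinct dst ports of one host."""
    ports = defaultdict(set)
    for ev in events:
        if ev["type"] == "firewall" and ev["action"] == "DENY":
            ports[(ev["src_ip"], ev["dst_ip"])].add(ev["dst_port"])
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports)


def detect_dns_tunnel(events, min_labels=4):
    """Use case: one client queries >= min_labels distinct leftmost labels under one parent."""
    labels = defaultdict(set)
    for ev in events:
        if ev["type"] != "dns":
            continue
        parts = ev["qname"].split(".")
        if len(parts) < 3:  # need at least label.parent.tld to have a "subdomain"
            continue
        labels[(ev["src_ip"], ".".join(parts[1:]))].add(parts[0])
    return sorted((c, d, len(s)) for (c, d), s in labels.items() if len(s) >= min_labels)


if __name__ == "__main__":
    evs, bad = parse_logs(SAMPLE_LOGS)
    print(f"parsed={len(evs)} unparsed={len(bad)}")
    print("port scans:", detect_port_scan(evs))
    print("dns tunnel candidates:", detect_dns_tunnel(evs))
```

In a real SIEM the thresholds would be per time window and the unparsed count would itself be a monitored metric: a parser that stops matching after a firmware upgrade changes the log format is one of the most common silent causes of a use case going blind.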

Good to Have:

  • Master's degree.
  • Relevant certifications like CEH, CISA, CISM.
  • Be a key person for developing Thought Leadership within the SOC.

More Info

Open to candidates from:
Indian

About Company

We have extensive experience in recruitment for almost every industry, from accounting to automobiles and from manufacturing to healthcare and IT. We strive to deliver excellence by understanding the needs of our clients and discovering true talent for them. "Optimizing performance" is what we constantly endeavor to deliver, which helps us not only to hunt for the right talent in the market but also to nurture a long-term affiliation with our esteemed clients.

Job ID: 121914889
