· Validate the Incidents reported by SOC L1 analysts/operators. The standard SLA to be kept for each incident validation is 30 mins.
· Responsible for incident investigation, evidence collection, diagnosis, recovery within defined SLA and closing incidents.
· Understand information security policies and procedures defined in customer environments.
· Interact with the relevant external parties/clients to resolve queries related to the incidents raised.
· Communicate with external teams/clients to ensure proper incident resolution.
· Manage the SIEM incidents knowledge base.
· Create report templates in the SIEM tool as defined by SOC lead.
· Generate the daily reports, weekly reports, and monthly reports on time.
· Maintain the timely delivery of reports.
· Provide shift hand over reports as per defined template.
· Ensure confidentiality and protection of sensitive data.
· Educate and mentor the L1 team.
· Provide technical and functional support to L1 Team with analytical feedback.
· Identify any intrusion attempts missed by SOC L1 analysts/operators.
· Support any duties directed from the SOC lead.
· Perform use case testing and review to revoke obsolete use cases.
· Inform SOC lead of proactive and reactive actions to ensure adherence to security policy.
· Review and understand collected metrics from monitoring systems and be aware of patterns and anomalies.
· Highlight gaps in SOPs to SOC lead.
· Escalate non-standard incidents to the SOC lead.
Experience / Job Competencies / Success Factors: –
· 2+ years technical experience working in a SOC and/or cyber security incident response team.
· Ability to analyze captured data to perform incident response and identify potential compromises to customer networks.
· Possesses a solid understanding of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
· Experience analyzing both log and packet data utilizing standard tools like Wireshark, tcpdump and other capture/analysis tools.
· Ability to perform network-based forensics and log analysis.
· Strong understanding of incident response methodologies and technologies.
· Experience with log management and/or SIEM technologies such as Splunk, ArcSight, LogRhythm and the like.
· Experience with network monitoring tools such as RSA Netwitness, Bluecoat Security Analytics and the like is a plus.
· Experience working on the ELK platform is a plus.
· Malware analysis and reverse engineering is a plus.
· Must be reliable and able to function as part of a 24×7 operations center.
· Strong communication and presentation skills.
· Excellent written and verbal English communication skills are required.
· Must be a strong team player with self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism.
· Demonstrated analytical and problem-solving skills.
· Awareness of frameworks such as MITRE ATT&CK and NIST and how they can be applied effectively within an enterprise.
· Understanding of tools that can assist in investigations, such as VirusTotal, Passive DNS, and WHOIS.
· Knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus/EDR/EPP products.
· Understanding of programming and scripting languages such as Python, Perl, Bash, PowerShell, and C++.
Education Qualification Requirements: –
· Any bachelor’s degree in computer science
· Priority for B. Tech (Computer Science/IT/Electronics/Communication Engineering)
· Mandatory: CEH/CySA+/CHFI (any 2 will do)
· Desirable: SIEM product Certifications /GCIH/GCFI/SANS certifications in DFIR