Job Description

  • Perform reactive incident analysis to conclusion, or prepare it for escalation when needed
  • Document the incident analysis to ensure a swift handover to L3 or other incident responders
  • Effectively identify threats by performing relevant research and data analysis
  • Transmit security incidents to the appropriate teams for remediation and follow up on the incident to resolution
  • Assist end users / Local IT Teams / Applications teams / Infrastructure
  • Support teams in understanding security issues and applying mitigation strategies
  • Execute deep dives and threat hunts beyond the one-off incident tickets and propose corrective actions
  • Follow up on Cyber Threat Intelligence information and suggest detection use cases
  • Prior experience as a network or system administrator is a serious plus
  • 3+ years of experience in a SOC analyst role


Tools:

  • Azure Sentinel
  • Microsoft KQL
  • Microsoft E5 security stack: Defender for Endpoint, Defender for Identity, Defender for O365, Defender for Cloud Apps, Defender for Cloud
  • Analysis skills: malware incident analysis – ability to interpret sandbox results, perform basic static and maldoc analysis
  • Phishing campaigns – ability to interpret email headers
  • Good knowledge of TTPs used by various threat actors (MITRE ATT&CK) and how to detect them
  • Ability to create a detection hypothesis and the queries to confirm it
  • Ability to spot repeat alerts and to suggest rule tunings
  • Ability to follow existing playbooks but also to suggest improvements to them

Must have skills: SAP ABAP Development

KEY SKILLS: Azure sentinel, Splunk

QUALIFICATION: B.Tech/B.E. in Any Specialization

EXPERIENCE: 3 – 8 years