Job Description
- Perform reactive incident analysis to conclusion or prepare it for escalation when needed
- Document the incident analysis to ensure a swift handover to L3 or other incident responders
- Effectively identify threats by performing relevant research and data analysis.
- Transmit security incidents to the appropriate teams for remediation and follow up on the incident to resolution
- Assist end users / Local IT Teams / Applications teams / Infrastructure Support teams in understanding security issues and applying mitigation strategies.
- Execute deep dives and threat hunts beyond the one-off incident tickets and propose corrective actions.
- Follow up on Cyber Threat Intelligence information and suggest detection use cases.
- Prior experience as a network or system administrator is a serious plus
- 3+ years experience in a SOC analyst role
Tools:
- Azure Sentinel
- Microsoft KQL
- Microsoft E5 security stack: Defender for Endpoint, Defender for Identity, Defender for O365, Defender for Cloud Apps, Defender for Cloud
- Analysis Skills: Malware incident analysis – ability to interpret sandbox results, perform basic static and maldoc analysis.
- Phishing campaigns – ability to interpret email headers (Received chain, Authentication-Results / SPF, DKIM, DMARC, and From vs. Return-Path mismatches)
- Good knowledge of TTPs used by various threat actors (MITRE ATT&CK) and how to detect them.
- Ability to formulate a detection hypothesis and write the queries to confirm it.
- Ability to spot repeat alerts and to suggest rule tunings
- Ability to follow existing playbooks but also to suggest improvements on them.
Must have skills: SAP ABAP Development
KEY SKILLS: Azure Sentinel, Splunk
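As an added example (not part of this posting), the kind of work the detection-hypothesis and rule-tuning bullets describe: the hypothesis is "an alert that keeps firing on the same entity and keeps being closed as benign or false positive is a tuning candidate, not a threat", and the KQL below confirms it against the standard Sentinel SecurityAlert and SecurityIncident tables. The column names are the documented schema; the 7-day window, the 5-hit threshold and the 80% benign ratio are arbitrary choices made for this example.

```kql
// Hypothesis: alerts that fire >= 5 times on one entity in 7 days and are
// closed as BenignPositive / FalsePositive >= 80% of the time need tuning.
// Thresholds below are example choices, not a standard.
let lookback = 7d;
let min_hits = 5;
let min_benign_ratio = 0.8;
// SecurityIncident is written once per incident update, so keep only the
// latest row per incident before reading its final Status / Classification.
let closed_benign =
    SecurityIncident
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(LastModifiedTime, *) by IncidentNumber
    | where Status == "Closed"
    | where Classification in ("BenignPositive", "FalsePositive")
    // AlertIds is a dynamic array; expand it so we can join on the alert id.
    | mv-expand AlertId = AlertIds to typeof(string)
    | project AlertId, IncidentNumber, Classification;
SecurityAlert
| where TimeGenerated > ago(lookback)
// SecurityAlert also carries update rows; dedupe to one row per alert.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| extend Entity = tolower(coalesce(CompromisedEntity, "unknown"))
| join kind=leftouter closed_benign on $left.SystemAlertId == $right.AlertId
| summarize Hits = count(),
            Benign = countif(isnotempty(Classification)),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Incidents = make_set(IncidentNumber)
  by AlertName, ProviderName, Entity
| where Hits >= min_hits
| extend BenignRatio = round(todouble(Benign) / Hits, 2)
| where BenignRatio >= min_benign_ratio
| order by Hits desc
```

Each result row is one tuning candidate: the AlertName and provider tell you which rule to touch, the Entity tells you whether an exclusion scoped to that host or account is enough, and the Incidents set gives the analyst the closed tickets to re-read before proposing the change. An alert with a high hit count but a low BenignRatio stays out of the list on purpose; that one is a recurring true positive and belongs in a threat hunt, not a tuning ticket.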
QUALIFICATION: B.Tech/B.E. in Any Specialization
EXPERIENCE: 3 – 8 years