Analyst, SOC

Job Description

TITLE                   : SOC Analyst

DEPARTMENT   : Information Technology

REPORTING TO : Manager, Cyber Security

PURPOSE OF THE POSITION:

The Information Technology (IT) group enables and empowers employees to perform the various business activities on an ongoing basis. Geographically spread across multiple offices, the Information Technology group works seamlessly as a single unit to deliver services to the business on a 24X7 basis. The IT team is expanding its presence in India and we are looking at hiring an SOC Analyst to manage IT security operations for our global network. This is a key role responsible for supporting company’s global security infrastructure working in close coordination with the US onsite team.

Job Responsibilities:

• Perform monitoring and data correlation to events of interest using multiple tools such as system event logs, SIEM, IPS/IDS logs, network traffic, anti-virus console and client end-point software to determine if there is an incident.
• Respond to security incident and investigation requests in line with established processes and procedures within defined service level targets.
• Must have extensive experience in multiple security areas such as SIEM, IDS and APT.
• Drive containment strategy during data loss or breach events.
• Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs).
• Perform basic forensic activities e.g. conducting examinations of computers, system logs, applications and networks to locate evidence.
• Perform Root cause analysis (RCA) for the incidents and update the knowledge management.
• Tuning of IDS, proxy policy, in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
• Provide tuning recommendations to administrators based on findings during investigations or threat information reviews.
• Research and stay up-to-date on current security threats and vulnerabilities to relevant information systems

Qualifications Required:

• Bachelor’s degree in Computer Science or related field.
• Should have 3 to 7 years of experience supporting complex global environment.
• Accredited Certification on Incident Handling (CEH, GCIH, ECIH).
• Hands-on investigation and log analysis exposure.
• Experience in IT security and defensive technologies (Antivirus, Firewalls, Event Monitoring, Network and Perimeter devices, Data Loss Prevention, IDS, Web content filtering).
• Should be familiar with handling and mitigating attacks related to viruses, spoofing, hoaxes, malware
• Should be familiar with emerging security threats and their attack vectors especially web application attacks
• Knowledge of SSL/TLS, certificates and encryption methods
• Exposure to security tools (Web application security scanning with Netsparker, Nessus and Tenable Security Center, Snort IDS, Wireshark, Data Loss Prevention software)
• Sound understanding of OS (Unix/Linux, Windows), IPS/IDS, VPN, Firewalls, Application Security.

Interpersonal skills

• Passionate, Self-motivated and driven, with keen attention to detail, action-and-results oriented.
• Excellent interpersonal, verbal and written communication skills as well as strong logical, analytical, problem solving skills and reporting skills.
• Able to prioritize and execute tasks in a high-pressure environment.
• Experience with in a team-oriented, collaborative environment.