• 3-5 years of experience in Information Security (SOC)
• Security monitoring experience (at least 2 years) with one or more SIEM technologies – ArcSight, LogRhythm, Splunk (preferred)
• Responsible for conducting information security investigations arising from security incidents identified by the tier 1 security analysts who monitor the security consoles across the various SOC entry channels (SIEM, tickets, email and phone)
• Act as a point of escalation for tier 1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques
• Act as the lead coordinator for the response to individual information security incidents
• Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the Security Operations Centre
• Document incidents from initial detection through final resolution
• Participate in security incident management and vulnerability management processes
• Participate in evaluating, recommending, implementing, and troubleshooting security solutions, and in evaluating the IT security of new IT infrastructure systems
• May be required to participate in the delivery of service outside core business hours, either via on-call functions or within a 24x7 rotation
• Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products
• Experience with web content filtering technology - policy engineering and troubleshooting
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
• Understanding of programming and scripting such as Python, Perl, Bash, PowerShell, C++
• Knowledge of Firewall, IPS, AV, Proxy, VPN technologies, and routing/switching protocols
• Understanding and knowledge of a broad range of technologies (Windows, Unix, authentication technologies, border networks)
• Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats
• Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation
• Provide recommendations on tuning and optimisation of security systems and of SOC security processes, procedures and policies
• Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures
• Follow ITIL practices regarding incident, problem and change management
• Stay up to date with emerging security threats, including applicable regulatory security requirements
• Other responsibilities and additional duties as assigned by the security management team
• Must demonstrate a high level of commitment and initiative as a motivated self-starter with a proven ability to get the job done
• Should possess excellent communication skills