SIEM Monitoring Lead

Posted: Nov. 20, 2023, 10:17 a.m. - Full Time - Hyderabad

Job Title: SIEM Monitoring Lead / Sr. Incident Response

Location: Hyderabad (Work from Office)

Position Type: Full-time

Job Summary:

As a Sr. Incident Response Leader at Cloud4C, you will be at the forefront of defending our clients' networks and systems against cyber threats. Your role will encompass SIEM rule analysis, the creation of new rules to enhance threat detection, managing incident response "war rooms," and acting as the incident commander during critical security incidents.

Key Responsibilities:

  1. Team Leadership:
     - Lead, mentor, and empower a team of incident responders and analysts.
     - Foster a collaborative and high-performance culture within the incident response team.

  2. SIEM Rule Analysis and Management:
     - Analyze existing SIEM rules to optimize threat detection and minimize false positives.
     - Create and implement new SIEM rules to address emerging threats and vulnerabilities.

  3. Incident Response Leadership:
     - Serve as the incident commander during critical security incidents, coordinating response efforts across teams and stakeholders.
     - Establish and manage incident response "war rooms" to facilitate real-time communication and decision-making during incidents.
     - Lead client-specific cyber drills and provide SME support for them.

  4. Incident Detection and Analysis:
     - Utilize IBM QRadar, Azure Sentinel, and open source SIEM solutions to monitor, detect, and investigate security alerts and incidents.
     - Determine the scope, impact, and severity of security incidents.

  5. Incident Response Planning:
     - Develop and maintain incident response plans and strategies to effectively contain, mitigate, and eradicate security incidents.
     - Collaborate with cross-functional teams to ensure coordinated incident response efforts.

  6. Documentation and Reporting:
     - Maintain comprehensive records of incident investigations, actions taken, and lessons learned.
     - Generate detailed incident reports for management and clients, including post-incident analysis and recommendations.

  7. Security Tool Management:
     - Manage and optimize IBM QRadar, Azure Sentinel, and open source SIEM tools to enhance their efficacy in threat detection and response.

  8. Threat Intelligence Integration:
     - Stay updated with the latest cybersecurity threats and vulnerabilities.
     - Incorporate threat intelligence into incident detection, analysis, and response strategies.

  9. Compliance and Best Practices:
     - Ensure compliance with industry standards and regulations related to incident response and cybersecurity.
     - Promote and enforce best practices in incident response and cybersecurity across the organization.

Qualifications:

  · Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
  · A minimum of 10 years of experience in incident response and cybersecurity.
  · Professional certifications such as CISSP, CISM, or GIAC are highly desirable.
  · Strong expertise in using IBM QRadar, Azure Sentinel, and open source SIEM solutions.
  · In-depth knowledge of SIEM rule analysis, creation, and management.
  · Exceptional leadership and communication skills.
  · Proven experience in incident command and coordination during security incidents.
  · Ability to excel in high-pressure, fast-paced environments.