Team lead-soc
Posted: Dec. 22, 2022, 5:53 a.m. - Full Time - Ahmedabad - Security
· Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Sentinel) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data
· Conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response
· Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response
· Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
· Lead Incident Response activities and mentor junior staff
· Work with key stakeholders to implement remediation plans in response to incidents
· Effectively investigate and identify root-cause findings, then communicate those findings to stakeholders including technical staff and leadership
· Author Standard Operating Procedures (SOPs) and training documentation when needed
· Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
· Should be comfortable being part of 24x7 SOC services.
· Minimum 5-8 years in an Incident Responder/Handler role
· Strong experience in SIEM (Security Incident and Event Monitoring) processes and products (e.g., Microsoft Sentinel, Splunk, etc.)
· Full understanding of Tier 1 responsibilities/duties and how those duties feed into Tier 2; the ability to take the lead on incident research when appropriate and to mentor junior analysts
· Advanced knowledge of TCP/IP protocols
· Knowledge of Windows and Linux operating systems
· Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or Sentinel experience
· Deep packet and log analysis
· Some forensic and malware analysis
· Cyber threat and intelligence gathering and analysis
· Bachelor's degree or equivalent experience
· Knowledge and experience with scripting and programming (Python, Perl, etc.) are also highly preferred
· Process improvement, project management, ISO, and Six Sigma certifications are preferred