Soc lead
Posted: Jan. 7, 2023, 5:25 a.m. - Full Time - AhmedabadJob Title Team Lead-SOC Department Cyber Security
Reporting to Head Cybersecurity Operations Location Ahmedabad
Job Objective
through research, threat simulations, threat hunting, and offensive security engagements.
The position of Incident Response is responsible for leading incident response engagements and activating other
teams in case of critical incidents. This role requires hands-on technical expertise and ability to communicate
effectively. In support of these, candidates with extensive forensics, incident response and cyber security
experience are encouraged to apply.
Roles and Responsibilities
· Providing first line response to customer alerts and ensuring internal security teams are alerted
· Responsible for handling day-to day operations to monitor, identity, triage and investigate
security events from various Endpoint (EDR), Network and Cloud security tools and detect
anomalies, and report remediation actions
· Responsible for detecting and responding to security incidents, coordinating cross-functional
teams to mitigate and eradicate threats
· Responsible for triaging security incidents and conducting response actions to detect, contain
and remediate identified security incidents
· Analyze firewall logs, server, and application logs to investigate events and incidents for
anomalous activity and produce reports of findings
· Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and
malicious code to identify, contain, eradicate, and ensure recovery from incidents
· Responsible for handling security incidents reported by third parties or external security
researchers
· Determine root cause analysis and create post-mortem report for security incidents
· Track security events and incidents in SOAR tool
· Develop and document threat driven response playbooks to support security incidents
· Provide knowledge sharing, mentoring, and support of team members
· Maintain current knowledge and understanding of the threat landscape and emerging security
threats
· Assist in the creation and maintain Autodesk Security Response Centre's process and tools
documentation
· Provide support as on-call personal during security incident
· Responsible for working in a 24/7 environment including night shifts and the shifts are decided
based on the business requirement.
· Maintain a high level of confidentiality and Integrity.
· Effectively investigative and identify root cause findings then communicate findings to
stakeholders including technical staff, and leadership
· Author Standard Operating Procedures (SOPs) and training documentation when needed
· Generates end-of-shift reports for documentation and knowledge transfer to subsequent
analysts on duty.
· Should be comfortable to be part of 24*7 SOC services.
Job Requirements
Educational qualifications:
· Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).
· Advanced interpersonal skills to effectively promote ideas and collaboration at various levels of the
organization
· One or more security-related certifications from any of the following organizations: SANS - [GCIH, GCFE,
GCFA], AWS, Azure Cloud security Certifications or equivalent are desired
Experience:
· 4+ years of cyber security experience in incident response
· Technical depth in one or more specialties including: Malware analysis, Host analysis and Digital forensics
· Strong understanding of Security Operations and Incident Response process and practices
· Experience performing security monitoring, response capabilities, log analysis and forensic tools
· Strong understanding of operating systems including Windows, Linux and OSX
· Experience with SIEM, SOAR, EDR, Network, AWS, and Azure security tools
· Experience with IR and Forensic investigations within Cloud environments such as AWS and Azure
· Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
· Excellent critical thinking and analytical skills, organizational skills, and the ability to work as part of a team
· Excellent verbal and written communication skills
· Should be comfortable to be part of 24*7 SOC service