Principal Engineer – M365 Security SOC Analyst - Netwoven
Principal Engineer – M365 Security SOC Analyst

Key Skills: SOC

Job Type: Full-Time

Location: Kolkata/Bangalore/Remote

Remote Work Available

Key Responsibilities:

Security Operations Centre (SOC) Analysis and Monitoring:

  • Lead the day-to-day operations of the SOC, overseeing security incident monitoring, detection, analysis, and response activities.
  • Develop and maintain SOC playbooks, standard operating procedures (SOPs), and response plans to ensure efficient and effective incident response.
  • Investigate security incidents and alerts, perform root cause analysis, and provide recommendations to prevent future occurrences.
  • Conduct regular vulnerability assessments, penetration testing, and security audits to identify and mitigate potential threats.

Incident Response and Threat Intelligence:

  • Stay up to date with the latest security threats, vulnerabilities, and attack vectors affecting the tools and platforms in scope.
  • Monitor threat intelligence sources and collaborate with external partners to proactively identify and mitigate potential security risks.
  • Lead incident response efforts during security breaches or cyber incidents, coordinating with internal teams and external stakeholders to contain and resolve incidents in a timely manner.
  • Conduct post-incident reviews and lessons-learned sessions to improve incident response processes and enhance overall security posture.

Security Tool Implementation and Management:

  • Evaluate, select, and implement security tools and technologies to enhance the capabilities of the SOC.
  • Manage and maintain security tools such as SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection and Prevention Systems), EDR (Endpoint Detection and Response) solutions, and other relevant security technologies.
  • Configure and tune security tools to optimize performance and detection accuracy and to minimize false positives.
  • Collaborate with vendors and internal stakeholders to ensure effective integration and interoperability between security tools and systems.

Key Skills Requirements:

• Advanced knowledge of Security Operations Center (SOC) operations, incident response, and security monitoring practices.
• Proficiency in utilizing and managing SIEM (Security Information and Event Management) systems, such as Splunk, ArcSight, or QRadar, for log aggregation, correlation, and threat detection.
• Experience in analysing and investigating security incidents, conducting root cause analysis, and recommending remediation actions to mitigate future occurrences.
• In-depth understanding of various security technologies, including intrusion detection/prevention systems (IDS/IPS), network security tools, antivirus/antimalware solutions, and vulnerability management tools.
• Expertise in conducting threat intelligence analysis, leveraging external feeds, open-source intelligence (OSINT), and collaboration with external partners to identify emerging threats and vulnerabilities.
• Familiarity with incident response frameworks and methodologies, such as the NIST incident handling guide (SP 800-61) or the SANS incident response process, to guide efficient and effective incident handling.
• Strong knowledge of network protocols, network traffic analysis, and network security principles to detect and respond to network-based threats.
• Proficient in performing log analysis, packet capture analysis, and malware analysis to identify indicators of compromise (IOCs) and advanced persistent threats (APTs).
• Understanding of cloud security principles and experience in monitoring and securing cloud environments, such as AWS, Azure, or GCP.
• Knowledge of endpoint detection and response (EDR) solutions, such as Carbon Black, CrowdStrike, or SentinelOne, to detect and respond to threats at the endpoint level.
• Proficiency in conducting vulnerability assessments and penetration testing using tools like Nessus, Qualys, or Metasploit, and providing recommendations for vulnerability remediation.
• Familiarity with regulatory compliance requirements, such as GDPR, HIPAA, or PCI DSS, and the ability to ensure SOC processes align with these standards.
• Strong analytical and problem-solving skills to identify patterns, trends, and anomalies in security events and incidents.
• Excellent communication and reporting skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
• Collaboration and teamwork capabilities to work effectively with cross-functional teams, including network engineers, system administrators, and security analysts.
• Continuous learning and staying updated with the latest threat landscape, attack techniques, and security technologies through self-study, training, and industry events.

Experience required:

• 12+ years of work experience in the IT industry
• 4+ years of relevant experience

Qualifications Required:

• Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent industry experience will also be considered.

Netwoven Inc. - Microsoft Solutions Partner