Airtel - Cyber Security Analyst - Security Operations Center (10-15 yrs)
The Security Operations Center (SOC) L3 Security Analyst serves on a SOC team and is responsible for conducting information security investigations into security incidents identified by the Level-1 and Level-2 security analysts, who monitor the security consoles across the SOC's entry channels (SIEM, tickets, email and phone).
The L3 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and hands-on knowledge of SIEM platforms.
An engineer in this position acts as the point of escalation for Level-2 SOC security analysts during information security investigations, providing guidance and oversight on incident resolution and containment techniques.
Job Description:
- Meeting with customers and gathering requirements.
- Integrating both supported and unsupported (custom-parsed) log sources.
- Rule base and log source reconciliation.
- Leading solution design and optimization of the existing setup.
- Handling cases and incidents escalated by L1 and L2 analysts.
- Team management and knowledge-sharing sessions.
- Five years of experience in use case development and USDM writing.
- Alerting concerned stakeholders to intrusions, potential intrusions and compromises of their IT environment.
- Actively tracking the latest security vulnerabilities, advisories, incidents and penetration techniques, and notifying the concerned parties when appropriate.
- Configuration review of security devices, e.g. IPS, IDS, SIEM and firewalls.
- Responding to all escalations within the agreed time, replying to the client or concerned party with proper justification, and maintaining a full report until the incident is mitigated.
- Maintaining the SLA for all reported incidents and resolving them within the stipulated time.
- Documenting actions taken in cases to communicate information effectively, both internally and to customers.
- Responding to customers' needs and questions concerning their access to network resources through their managed devices.
- Adhering to business policies, procedures and security practices.
- Resolving problems independently and understanding the escalation procedure.
- Publishing reports and dashboards to the applicable teams on the agreed schedule.
- Maintaining an up-to-date threat intelligence report, creating SIEM use cases based on the latest intelligence, and supporting the threat hunting team.
Skills and qualifications
- Bachelor's degree in a related domain.
- Understanding of incident response frameworks and procedures.
- Minimum 10 years of experience in information security, including 6-7 years of relevant experience in a security operations center (SOC).
- Relevant certifications (GCIH, CEH, CHFI) are an advantage and will be given preference.
- Deep knowledge of common Internet protocols and Internet applications.
- Understanding of security controls and network architecture.
- Deep knowledge of SIEM configuration, deployment and administration, including building use cases and keeping the configuration up to date.
- Deep understanding of TCP/IP, network analysis and the different types of logs.
- Deep understanding of tools such as Wireshark and endpoint tools, of incident response frameworks, and a good understanding of common hacking techniques.
This job opening was posted a long time ago and may no longer be active, although it has not been removed by the recruiter. Please use your discretion.