Airtel - Cyber Security Analyst - Security Operations Center

Job Summary:

The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team, is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone).

The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts.

An engineer in this position act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.

Job Description:

- Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone),

- Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.

- Should have experience in Developing new correlation rules & Parser writing

- Experience in Log source integration

- Act as the lead coordinator to individual information security incidents.

- Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Center.

- Document incidents from initial detection through final resolution.

- Participate in security incident management and vulnerability management processes.

- Coordinate with IT teams on escalations, tracking, performance issues, and outages.

- Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.

- Communicate effectively with customers, teammates, and management.

- Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation.

- Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies.

- Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures.

- Follow ITIL practices regarding incident, problem and change management.

- Staying up-to-date with emerging security threats including applicable regulatory security requirements.

- Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate

- Publish weekly reports to applicable teams

- Generate monthly reports on SOC activity

- Secondary skills like AV, HIPS, DCS, VA/ PT desirable

Required Technical Expertise

- Must have experience in SIEM Management tool (QRADAR)

- Should have certifications like, ITIL, CCNA, CEH, VA (Product) Certification, CISM

- Process and Procedure adherence

- General network knowledge and TCP/IP Troubleshooting

- Ability to trace down an endpoint on the network, based on ticket information

- Familiarity with system log information and what it means

- Understanding of common network services (web, mail, DNS, authentication)

- Knowledge of host based firewalls, Anti-Malware, HIDS

- General Desktop OS and Server OS knowledge

- TCP/IP, Internet Routing, UNIX / LINUX & Windows NT