About the job
You would be part of the 24/7 Cyber Security Operations Center (SOC) team with an operational role to detect, prevent, and respond to cyber-attacks. This is a hands-on technical cyber security role with expertise in Security Operations Center and incident response and in the areas of endpoint security, application security, network security or Cloud security.
Role And Responsibilities
- Be part of 24/7 team for cyber security alert monitoring and incident response and be responsible to track and close all alert tickets raised on IT Service Management tool.
- Implementation of the technical controls and configurations on cyber security solutions and appliances in lines with the Security Incident Response procedures laid down by the Cyber Security Manager.
- Must also be able to participate in rotating shifts and must be able to work collaboratively. Having the ability to work outside of normal working hours as required due to critical incidents or emergency calls, will be essential to success in this role
- Assist the Cyber Security manager in the analysis of security breaches to identify the root cause and also to implement preventive measures.
- Support Cyber Security Manager in reviewing and updating the company’s cyber security incident response plan, procedures, playbooks and tactical response guides.
- Perform log event analysis by correlating data from various log sources for threat detection.
- Provide support to Incident Response activities for collecting evidences and in monitoring of mitigation steps.
Knowledge, Skills & Experience
- Bachelor Degree holder with minimum 4 years of relevant experience with minimum 1+ yrs of experience in Azure Sentinel and MS Defender.
- Proficient with Azure Sentinel and MS Defender; focusing primarily on SIEM (security information and event manager) for monitoring, XDR (Extended Detection and Response) for incident response actions.
- Possess knowledge of a Security Operations Center (SOC) operations
- Possess knowledge on log management, logs generated by various applications or appliances of IT infrastructure for SIEM event correlation.
- Ability to define various SIEM use cases based on IT environment for better detection of anomalies
- Working Knowledge on SIEM tools On-Prem (Splunk) and on cloud (MS Azure Sentinel)
- Experience being part of Cyber Security Team which monitors a large geographically dispersed technology environment
- Preferable if the candidate possess any of the MS Certifications AZ-900 and SC-200 / AZ-500