- Recognize successful and potential intrusions and compromises through review and analysis of relevant event detail information.
- Launch and track investigations to resolution. Recognize attacks based on their signatures. Differentiate false positives from true intrusion attempts.
- Respond in a timely manner (within the documented SLA) to support, threat and other cases.
- Proactively monitor for security threats and events.
- Develop correlation/content/use cases for Splunk/QRadar monitoring and incident triggers.
- Alert concerned stakeholders of intrusions and potential intrusions and compromises to their IT environment.
- Work on security incidents and provide remediation plans for them.
- Conduct vulnerability assessment and compliance scans for OS, network and web applications, and follow up on closure of identified gaps.
- Provide recommendations and implement changes to optimize the SIEM tool's detection capabilities.
Required Technical Skill Set:
- Security information and event management (SIEM) tools
- Splunk/QRadar and vulnerability management (Nexpose).
Must-Have Technical Competencies:
- 3-5 years of experience working in a SOC environment.
- Hands-on experience with incident analysis and a deep understanding of Windows internals.
- Good understanding of various attack methods, vulnerabilities, exploits, malware.
- Ability to develop remediation plans based on organizational needs and priorities.
- Excellent understanding of Splunk/QRadar SIEM Console
- Good understanding of networking and network security technologies (IDS, firewall, anti-virus, web proxy, DLP, HIPS, vulnerability tools).
- Expertise and experience in conducting VAPT (Vulnerability Assessment and Penetration Testing) as per standards such as OWASP Top 10, SANS Top 25, WASC and NIST.
- Deployment and working experience with the Rapid7 Nexpose vulnerability management tool.
- Working knowledge and understanding of security compliance standards such as NIST and PCI-DSS.
- Ability to maintain working relationships with diverse stakeholders
- Should also have experience in developing content/use cases for Splunk/QRadar monitoring.
- Demonstrated skill in troubleshooting - ability to provide resolution and/or workarounds to complex problems.
- Ability to think analytically and understand dependencies in connected systems
- Excellent written and oral communication skills.
- Scripting knowledge in PowerShell, general batch/shell scripting
- Working knowledge of tools such as IDS, firewall, anti-virus, web proxy, DLP, HIPS and vulnerability tools (Nexpose).
Note: Interested candidates can send their CV to firstname.lastname@example.org. Please mention the Job ID when sending your CV.