SOC Level 1 Analyst
Start your journey with us!
Job Description:
We are looking for proactive, enthusiastic candidates to join our existing SOC team, which operates on a fully work-from-home (WFH) model. We are a 24x7x365 SOC team serving clients across the globe, and we are seeking candidates with the qualifications below to fill our current openings.
- The person in this role is expected to own and lead end-to-end security incident management: leading the individual incident management phases and coordinating with internal and external stakeholders and partners to ensure process alignment and support across the full lifecycle of each incident.
- Applies current, in-depth knowledge of SOC technologies (SIEM, EDR/XDR/NDR, email security, Azure AD security, web application security, network security, log analysis, etc.) across endpoints, servers and cloud platforms (AWS/Azure/GCP) and operating systems (Windows, Linux, UNIX, macOS, AIX, etc.) to support incident management.
- Keeps up to date with the latest adversary TTPs in the industry and works closely with the engineering team to ensure appropriate detection rules and containment processes are in place.
- Ensures that all incidents are handled appropriately and on time, and are documented comprehensively in line with the incident management process and playbooks.
- Comfortable working across time zones to provide 24x7 SOC monitoring to our clients; initiates a war room whenever required, drives incidents to resolution, and provides triage and remediation steps for the various Azure products involved.
- Reviews incident management compliance, SLAs and metrics alongside security analytics, and escalates non-compliance and SLA breaches to the appropriate partners and stakeholders.
- Ensures timely, effective reporting and tailored communication of incident trends and metrics.
- Is a strong team player and shares lessons learned from the incidents handled with the rest of the team on a day-to-day basis.
KEY REQUIREMENTS (Education, Work Experience & Skills)
- Strong professional ethics, effective communication, email etiquette and a collaborative, team-oriented attitude
- Hands-on experience with SOC technology: SIEM (Sentinel, Splunk, QRadar or other SIEMs)
- Hands-on experience with EDR/XDR (Microsoft Defender for Endpoint, CrowdStrike, Carbon Black or others)
- Hands-on experience with Azure Active Directory security (Microsoft Entra ID Protection, Microsoft Defender for Identity, CrowdStrike Identity Protection or other AD security products)
- A minimum of 1 to 3 years of enterprise experience in a global SOC (Security Operations Centre) incident management role
DESIRABLE
- Certified Ethical Hacker (CEH)
- Splunk Fundamentals
- Microsoft cybersecurity certifications
- Microsoft certifications such as SC-200, AZ-305, SC-100, AZ-104, AZ-500, AZ-900 (Azure Fundamentals), DP-900, SC-900 or AI-900