Manager - SOC Admin & Platform Engineer

Genpact (NYSE: G) is a global professional services and solutions firm delivering outcomes that shape the future. Our 125,000+ people across 30+ countries are driven by our innate curiosity, entrepreneurial agility, and desire to create lasting value for clients. Powered by our purpose – the relentless pursuit of a world that works better for people – we serve and transform leading enterprises, including the Fortune Global 500, with our deep business and industry knowledge, digital operations services, and expertise in data, technology, and AI.

Inviting applications for the role of Manager-SOC Admin & Platform Engineer

Genpact is seeking invitations for SOC Admin & Engineering role to support implementation, integration & management of SIEM, SOAR, EDR & other technologies within its environment. The SOC Admin is an internal corporate role responsible for administration, management, configuration, testing and integration of SIEM, SOAR, EDR & other security platform solutions to improve the security value of the organization. A working knowledge of SIEM & other security solutions with relevant experience is required. Should have deeper understanding with some hands-on experience on other enterprise IT infra components such as advanced firewalls, IPS/IDS/WIPS/HIPS, routers/switches, TACACS, VPN, proxy, AV, domain controllers, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, DLP etc. along with cloud environments (AWS, Azure etc.).

Responsibilities

• Align with internal & external needs, threat trends, and operational performance to identify opportunities for improvement/enhancement of the security operations center technologies and integrations.

• Perform system administration for SIEM, SOAR, EDR and ancillary devices.

• Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.

• Develop information security and incident response workflows, procedures and best practices and publish them as playbooks in SOAR platform.

• On-board new log sources with log analysis and parsing to enable SIEM correlation.

• Creates and develops correlation and detection rules within SIEM solution (IBM QRadar), reports and dashboards to detect emerging threats.

• Manage, develop, and tune the scripts that integrate SIEM.

• Collaborate with key stakeholders within technology, application, and cyber-Security to develop specific use cases to address specific business needs.

• Collaborate with platform & application owners to define and establish logging standards to address various governance & security requirements.

• Create technical documentation around the content deployed to the SIEM.

• Provides technical support for forensics services to include evidence seizure, computer forensic analysis and data recovery, in support of computer crime investigation. Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures, and trends.

• Performs research into emerging threat sources and develops threat profiles. Keep updated on latest cyber security threats.

• Demonstrates strong evidence of analytical ability. Has a broad understanding of all stages of incident response.

• Has a sound understanding of other technologies like PAM, CASB, EDR, Email Security, Secure Web gateway etc. and other threat detection platforms that form part of the broader SOC program.

• Creation of reports, dashboards, metrics for SOC administration KPIs and presentation to senior management & other stakeholders.

• Handling audit related activities with internal and external stakeholders to ensure compliance of policies, adherence of procedures, showcase evidence, and align the observation reports for process improvisations to achieve operational objectives.

• Be prepared to provide a Technical Escalation Point during security incidents, establishing the extent of an attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a re-occurrence.

• Has a systematic, disciplined, and analytical approach to problem solving with leadership skills.

• Has basic knowledge of audit requirements (PCI, HIPPA, SOX, ISMS etc.)

Qualifications we seek in you!

Minimum qualifications / Experience Requirements

• Relevant years working within the information security field, with emphasis on security platform implementation & administration.

• Bachelors (Graduation) or higher in Computer Science or equivalent.

• Experience with QRadar (preferred) and/or other platforms SIEM systems like SPLUNK, ArcSight.

• Experience with IBM Resilient (preferred) or equivalent SOAR technology like Demisto, Splunk, Service Now.

Technical Experience & Skills Required:

• Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.

• Experience with deploying and managing a large SIEM deployment.

• Excellent understanding of enterprise logging standards, with a focus on application logging

• Advanced knowledge of content creation concepts and best practices

• Excellent understanding of regular expressions, development of custom/flex Parsers

• Strong knowledge of frameworks such as Cyber Kill Chain and Adversary Tactics, Techniques and Procedures.

• Experience in Implementation and support of major SOAR platform (preferred – IBM Resilient) and developing playbooks for automation.

• Expertise in writing QRadar searches, QRadar Infrastructure and content use case development, well-versed with IBM QRadar architecture and design

• Experience in QRadar & Resilient Administration and analytics development on Information Security, Triage events, Incident Analysis.

• Hands on exp with information security tools such as SIEMs, FW, IDS/IPS, EDR, Sandboxes, Vulnerability Management, etc.

• Excellent Python and Unix Shell scripting skills

• Understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.

• Excellent understanding of Cyber Security Operations, Incident Response processes.

• Experience in using scripting languages to automate tasks and manipulate data. Programming experience is a plus.

• Experience working in a large enterprise environment and integrating solutions in a multi-vendor environment.

Preferred qualifications

• Security Certifications Preferred (Including but not limited to the following certifications):

• Security+, CEH, OSCP, CISSP, CISM, GIAC GCIH.

• Preferred product specialization certifications on QRadar (SIEM), Resilient (SOAR), Crowdstrike (EDR), Mimecast (Email Security)

Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook.

Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a 'starter kit,' paying to apply, or purchasing equipment or training.

Schedule:

Travel: