
Cyber Security SOC Lead - Splunk/ Securonix

Company:
Tech Mahindra
Location:
Hyderabad, Telangana, India
Posted:
April 20, 2024

Description:

Cybersecurity SEC Ops Lead

Location- Hyderabad

Experience- 7 to 10 years.

7+ years of experience delivering cybersecurity operations, with hands-on experience with SOC, vulnerability management and EDR tools.

Understand the client's business processes and resolve security and platform-related issues within the SLA.

Responsible for end-to-end incident response and log analysis, collaborating with other teams to mitigate security risks.

Experience in joint exercises such as purple teaming, blue teaming and red teaming, along with tabletop exercises.

Perform gap analysis and advise on use cases in accordance with the MITRE ATT&CK framework.

Take up project work to engage, renew and deploy existing or new security tools.

Suggest and contribute to the yearly cybersecurity roadmap for the client and review progress on a quarterly basis.

Establish an L1/L2/L3 structure for cybersecurity operations.

Serve on the technical evaluation panel for hiring security resources.

Review penetration test reports produced by third-party agencies, review severity and suggest remediation plans.

Oversee the asset reconciliation program on security tools.

Ensure adherence to the MSA and leverage resources accordingly. Define priority based on business requirements.

Regular client interactions to understand concerns and channel the team's efforts accordingly.

Perform requirement gathering and license management, and devise the best possible approach for onboarding new log sources.

Hands-on experience with security products such as SIEM, EDR and vulnerability management.

Work productively with the client's information security departments and teams.

Provide ongoing technical support to clients to investigate and resolve incidents raised based on SIEM logs.

Follow ITIL processes such as service level agreements (SLA), incident tickets, change management, service requests and service desk.

Attend daily and weekly conference calls with the client team and report on critical issues and trends.

Prepare weekly and monthly status reports and share them with the client during reviews.

Experience -

Experience in Design and Architecture of SIEM Platform

Experience of working in large enterprise SOC

Preferably experience working for an MSSP

Understand the log collection methods i.e., pull and push methods

Review end-to-end SIEM solutions

Expert in log and flow source onboarding

Expert in normalization and log parsing

Security event fine-tuning

Knowledge and skill in log source parsing (SPL)

Knowledge and skill in custom data source parsing and integration

Create new use cases and customize existing use cases on the SIEM

Expert in creating dashboards on the SIEM

Experience dealing with commercial and custom application event collection, SIEM integration and onboarding

Strong knowledge of SIEM architecture, administration and custom development; able to architect SIEM Enterprise, SIEM Enterprise Security and SIEM ITSI

Experience integrating SIEM with heterogeneous data sources

Proficient in the SIEM query language (SPL) and experienced in developing and supporting custom SIEM search head applications for highly specific use cases

Strong technical knowledge of firewalls and load balancing principles

Extensive experience with Agile and DevOps

Ansible and CD tools, particularly Jenkins

Scripting: Linux shell and Python

Experienced user of Git/GitHub, SIEM Phantom, syslog-ng and/or syslog, and Confluence

Linux administration (experience on Red Hat flavours desirable)

Understanding of Cyber Security concepts

Experience working with government entities

Previous role in a Cyber Security or CSOC related engineering team

SIEM SOAR playbook creation

SOAR configuration

UBA implementation and administration.

Please consider adding-

Lead incident response efforts during security breaches or incidents, including containment, investigation and remediation activities, and engagement of forensics.

SOC analysis skills, i.e., trend analysis and pattern recognition.

Able to diagnose root cause and determine what is a false positive vs. a true positive.

Awareness of infrastructure, e.g. switching, routing, VMware ESXi and cloud technologies such as Office 365.

Understanding of the security stack, e.g. mail filtering, application control, DLP.

Development of response plans.

Awareness of risk management principles, e.g. likelihood and consequence.

Coaching junior analysts.

Also soft skills, e.g.:

Problem solving

Attention to detail

Communication

Leadership

Interested candidate please share resume to
