Cybersecurity SEC Ops Lead
Location- Hyderabad
Experience- 7 to 10 years.
7+ years of experience in delivering Cybersecurity Operations with hands on experience on SOC, Vulnerability Management, EDR tools.
Understanding the Business process of Client and resolving the Security and platform related issues within the SLA.
Responsible for end to end incident response, log analysis and collaborate with other teams to mitigate Security risks
Experience in various joint exercises such as purple teaming, blue teaming & red teaming along with table top exercises.
Perform Gap analysis and advise use cases in accordance with MITRE ATT&CK Framework.
Take up project work to engage, renew and deploy existing or New Security tools.
Suggest and contribute to yearly Cybersecurity Roadmap for the Client and review progress on quarterly basis.
Establish L1/L2/L3 structure for CyberSec operations.
Is part of the technical evaluation panel for hiring Security resources.
Review Pen test reports conducted by 3rd Party agencies, review severity and suggest remediation plans
Oversee Asset reconciliation program on Security tools.
Ensure adherence to MSA and leverage resources accordingly. Define Priority based on business requirement.
Regular Client interactions to understand concerns and channelize team’s efforts accordingly.
Perform Requirement gathering, License Management and devising best possible approach for onboarding new log sources.
Hands on experience with Security products such as SIEM, EDR. Vulnerability Management.
Worked productively together with the Client Information Security departments and teams.
Provide constant technical support for clients to Investigate and resolve the incidents raised based on SIEM logs.
Following ITIL process like Service level Agreement (SLA), Incident ticket, change management, service request, Service Desk.
Attending Daily and Weekly con-call with the Client team and Update the critical issues and the trend.
Preparing monthly, Weekly status reports and share the same to the Client during the reviews.
Experience -
Experience in Design and Architecture of SIEM Platform
Experience of working in large enterprise SOC
Preferably working for an MSSP provider
Understand the log collection methods i.e., pull and push methods
Review end to end SIEM solution
Expert in log & Flow source on boarding
Expert in normalization and log parsing
Security event fine tuning
Knowledge and skill of Logs source Parsing (SPL)
Knowledge and skill of Custom Data source parsing and integration
Create new use case and customize the existing use cases on SIEM
Expert in creating dashboard on the SIEM
Experience deal with commercial and custom application event collection, SIEM integration and onboarding
Strong knowledge of SIEM architecture, administration, and custom development architect SIEM Enterprise, SIEM Enterprise Security and SIEM ITSI
Experience integrating SIEM with heterogenous data sources
Proficient in SIEM query language (SPL) and experienced in developing and supporting custom SIEM search head applications for hyper specific use cases
Strong technical knowledge of, Firewalls and Load Balancing principles
Extensive experience of Agile and DevOps
Ansible, CD tools, particularly Jenkins
Scripting - Linux Shell & Python
Experienced user of Git / GitHub, SIEM Phantom, Syslog-ng and/or syslogs and Confluence
Linux administration (experience on Red Hat flavours desirable)
Understanding of Cyber Security concepts
Experience working with government entities
Previous role in a Cyber Security or CSOC related engineering team
SIEM SOAR playbook creation
SOAR configuration
UBA implementation and administration.
Please consider adding-
Lead incident response efforts during security breaches or incidents, including containment, investigation, and remediation activities. Engagement of forensics
SOC analysis skills ie Trend analysis, pattern recognition?
Able to diagnose root cause. Determine what is a false positive vs true positive?
Awareness of infrastructure. Eg switching, routing, vmware esxi, cloud technologies eg Office 365. Etc etc.
Understanding of security stack, eg mail filtering, application control, DLP etc etc.
Development of response plans.
Awareness of risk management principles. Likelihood, consequence etc etc.
Coaching junior analysts
Also soft skills eg-
Problem solving
Attention to detail
Communication
Leadership
Interested candidate please share resume to