Job Purpose:
Ensure L&T Data Center and customer service business continuity by providing 24/7 L2 support. Act as the escalation point for the L1 team and as the SOC point of contact (POC) for customers. Manage security incidents through all phases of the incident response process through to closure. The role requires working in a shift schedule (to cover 24/7).
Roles and Responsibilities:
Handle escalated incident tickets from the L1 team.
Analyse and investigate security events from various sources; Triage security events and incidents, detect anomalies, and report remediation actions.
Manage security incidents through all phases of the incident response process through to closure.
Use SIEM, full packet capture, intrusion detection, vulnerability scanning and malware analysis technologies for event detection and analysis.
Develop knowledge of attack types and fine-tune detection capabilities, such as writing vendor signatures.
Identify log sources and examine system logs, which should record sufficient detail about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies.
Triage general information security tickets.
Undertake computer forensic investigations, such as examining running processes, identifying network connections on a host, examining log data, disk imaging and memory capture.
Work shifts based on the shift roster.
Maintain and support the operational integrity of SOC toolsets.
Educational Qualifications:
Diploma, BE/B.Tech or any degree in Computer Science or Electronics & Communication.
Relevant Experience:
6-8 years' experience in a SOC Analyst role managing an L2 support team.
Basic knowledge of network traffic and analysis tools such as Wireshark and SolarWinds.
Experience with Security Information and Event Management (SIEM) tools, including creating advanced correlation rules, SIEM administration, system hardening and vulnerability assessments.
Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products.
Expertise in TCP/IP network traffic and event log analysis.
Knowledge and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO, Sentinel or any other SIEM tool.
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Configuration and troubleshooting experience on Check Point, Cisco, FortiGate, Palo Alto and SonicWall firewalls would be an added advantage.
Professional certifications such as GIAC, CCNP, CEH or a cloud certification.