SOC Manager

Noida, India

Information Security Team - SOC Manager

1) Location: NOIDA

2) Education: BE/B.Tech./MCA/MS/M.Tech.

3) Responsibilities:
a) Creation of supporting SOPs in line with the policy requirements
b) Integration of all new devices (on-premise and AWS cloud) with SIEM
c) Experience in threat hunting, red teaming and cyber drills
d) Monitoring the status of integration for all devices and supporting teams to ensure nitration in case of any breakage
e) Support the team in defining SOPs and performing triage
f) Ensuring functioning of the SIEM tool and the related processes as per the mentioned requirements
g) Reporting computer security events in accordance with established processes and procedures
h) Coordinate with System Owners and others (IDC/NOC/TOPS/Enterprise IT) as needed to analyze events and drive necessary requirements for closure
i) Support ongoing analysis of and response to computer security incidents by the SOC (Monitoring) team
j) Creation of new use cases/reports as per business requirements:
   i) Creation of new use cases specific to the banking environment
   ii) Creation of new dashboards in the SIEM console as per requirement
   iii) SIEM ticket closure
k) Drive key security operations responsibilities (e.g. secure code review, configuration review, etc.)

4) Experience / Job Competencies / Success Factors:
a) 10+ years of technical experience working in a SOC or incident response. Experience working with the BFSI sector, especially a bank, in a similar role preferred
b) Experience with one or more Security Information and Event Management (SIEM) solutions, especially DNIF
c) In-depth understanding of security threats, threat attack methods and the current threat environment
d) Experience in security monitoring, Incident Response (IR), security tools configuration and security remediation
e) Must have excellent troubleshooting and analytical skills. Must be able to clearly articulate and propose security solutions in business terms. Must be able to multitask in a fast-paced environment.
f) Provide support for audit and compliance requirements within defined timelines
g) Must be able to work in a fast-paced environment with tight deadlines and changing priorities
h) Understanding of network protocols and network capture/analysis tools such as Wireshark
i) Understanding of Linux and Windows operating systems and OS event logging
j) Understanding of working with the AWS environment
k) Must be comfortable working with different types of security solutions in a diverse IT infrastructure environment, such as:
   i) FireEye Network APT, Palo Alto firewalls, WAF - F5, HIPS - TrendMicro, PIM - CyberArk, Qualys Vulnerability Scanner, TrendMicro endpoint security suite and APT, Honeypot - Smokescreen
l) Experience in developing production SIEM use cases
m) Ability to work non-core hours (swing or night shift) if necessary
n) Security+ or CEH, CISSP, SANS course on Incident Response, Digital Forensics