Description

  • Lead and manage the Security Operations Centre in an MSSP environment
  • Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring
  • Ensure compliance with SLAs, process adherence and process improvement to achieve operational objectives
  • Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges
  • Responsible for team resources, overall use of resources and initiation of corrective action where required for the Security Operations Center
  • Create weekly, monthly and quarterly reports, dashboards and metrics for SOC operations and present them to the client and senior management
  • Interface with both internal and external audits of the Security Operations Center (SOC)
  • Ensure incidents and investigations are thoroughly documented for the purposes of record keeping, process improvement, lessons learned, trend analysis, and senior leadership reporting
  • Conduct regular reviews with customer stakeholders; build and maintain positive working relationships with them
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities; isolate and remove malware
  • Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings)
  • Provide daily summary reports of network events and activity relevant to cyber defense practices
  • Receive and analyse network alerts from various sources and determine the possible causes of such alerts
  • Notify designated managers and cyber incident responders, and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan
  • Analyse and report system security posture trends
  • Assess the adequacy of access controls based on the principles of least privilege and need-to-know
  • Work with stakeholders to resolve computer security incidents and vulnerability compliance
  • Create SIEM correlation rules and custom reports, and integrate threat intelligence feeds
  • Administer, manage, configure, maintain, and support security devices such as firewalls, IDS/IPS, proxies, mail gateways, etc.
  • Onboard new customers in the Build and Run and Build and Handover models

Skills:

  • Technical know-how:
  • Understanding of how operating systems work and how exploitation works for different operating systems and applications
  • Understanding of network traffic, with the ability to analyse network traffic introduced by malware
  • Thorough understanding of Windows and Linux internals
  • Knowledge of common hacking tools and techniques
  • Experience in understanding and analysing various log formats from various sources
  • Experience in analysing reports generated by SOAR/SEM tools, e.g. ArcSight, Elastic SIEM, etc.

Education

Bachelor's degree