Technical requirements:
· Working with (Reporting Relationship): Customers / Internal Product Development Teams / Vertical Teams

What the role entails (Key Responsibilities):
· 24 x 7 incident monitoring; log monitoring, server monitoring; security and network device monitoring.
· Manage SIEM and security tools (FireEye Helix SIEM and SOAR).
· Identifying & onboarding new log sources to FireEye Helix SIEM, verification, and documentation.
· Perform triage on alerts, understand the extent of the threat, and respond, or if necessary, escalate the incident to higher-tier analysts.
· Investigate suspicious activities and content and prevent them.
· Follow strict security and SOC guidelines and SOPs.
· Administer and manage endpoint tools such as EDR, Network and Email APT, and DLP.
· Follow best practices to administer and manage tools such as EDR, Network and Email APT, and DLP.
· Proactively notify the appropriate business stakeholders in the event of a breach.
· Perform preliminary threat and vulnerability analysis.
· Investigate, document, and report on any information security issues, and document action plans for reducing false positives.
· Review SIEM alerts continuously and determine their relevance and urgency.
· Support other SOC functions by providing requested incident data and reports whenever required.
· Provide feedback for new use cases to senior SOC functions.

What we are looking for in you (Skills, Knowledge, Special Attributes, Mobility):
· Able to ensure security defense by monitoring, discovering, and analyzing possible threats.
· Well-versed, with hands-on experience on any SIEM tool (FireEye Helix, QRadar, ArcSight); FireEye Helix SIEM preferred. Should be able to provide recommendations to help reduce the impact of breaches and prevent future security breaches.
· Should have hands-on experience on any EDR, Network and Email APT, and DLP tool; must have worked on Symantec or Forcepoint DLP. Must be familiar with techniques for collecting, analyzing, and reporting security data.
· Trained in and holding an active certification in at least one of the following: CompTIA Security+, Cisco Certified CyberOps Associate, EC-Council Certified SOC Analyst (CSA); certified in any SIEM tool.
· Excellent communication skills. Willing to work in shifts (24×7, including holidays). Experience working as part of larger geographic teams and the ability to work in teams with different cultural backgrounds.

Experience & Education (Qualifications & Critical Exposure to Perform the Job at the Optimum Level):
· Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related field; 2-3 years of experience as a SOC Analyst.