SOC Analyst - L2
Responsibilities:
- Incident validation, incident analysis, solution recommendation, and resolving escalations
- VA tool administration
- Maintaining the knowledge base
- Escalation point for device issue resolution
- Patch implementation
- Rule base management
- General SOC administration: optimization, scaling, patching, rules, policy, configurations, data retrieval, and additional queries as required by the bank
- Scheduling/performing VA scans, submitting scan reports, and rectification
- Resolving user queries
- MITRE framework
Qualifications:
- Academics: Engineer (BE/B.Tech)/MCA/M.Tech/M.E./PhD (Computers/IT/Electronics)
- Certifications (must): CEH/CCNA/CCNA Security and any SIEM technical certification
- Tool knowledge: SIEM (RSA NetWitness), WAF, PAM, Anti-APT, NBAD, Deception (minimum experience in 2+ tools)
Experience:
- Minimum of 3 years of experience in cybersecurity and SOC
- Proficient in Incident Management and Response
- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
- Responsible for working in a 24x7 Security Operations Center (SOC) environment
- Provide analysis and trending of security log data from a large number of heterogeneous security devices
- Provide threat and vulnerability analysis as well as security advisory services
- Knowledge of various tools such as SIEM, SSL, packet analysis, HIPS/NIPS, network monitoring tools, Remedy, ServiceNow ticketing toolset, web security, AV, UEBA, and advanced SOC
- Required administration skills in SIEM and other security solutions
- Creation of rules and dashboards in the SIEM platform
- Tuning of detections based on SOC input and detection noise
- SIEM upgrades, patches, onboarding of log sources, etc.
- Onboarding of sites in WAF and analysis of packets and logs to identify attack patterns and network issues
- Must have work experience in user onboarding in PAM, troubleshooting access-related issues, and performing DC/DR drills
- Experience in handling sandbox environments and analyzing phishing emails and malicious files
- Correlation of MITRE ATT&CK Framework and Cyber Kill Chain, and performing manual threat hunting