Responsibilities:
- Act as the primary point of contact for incident escalations from Tier 1/2 analysts.
- Act as technical contributor during major security incidents contributing to improvement in the team’s capability.
- Lead the investigation and response to security incidents, leveraging advanced technical skills and threat intelligence.
- Triage security alerts, perform in-depth analysis to determine root cause and impact, and develop effective containment and remediation strategies.
- Develop and execute incident response plans, ensuring proper communication and documentation throughout the incident lifecycle.
- Work in a ‘business hours + rostered on-call’ environment
- Utilize SIEM (Security Information and Event Management) and other security tools to identify and analyze potential threats.
- Develop and fine-tune security rules and correlation logic to improve threat detection capabilities. Maintain detailed documentation of security incidents, investigations, and response actions.
Requirements:
- 5-7 years of experience in a SOC or security analyst role.
- Proven track record of successfully identifying, analyzing, and responding to security incidents.
- Strong background in formulation and execution of threat hunt scenarios and the development of subsequent use cases to uplift detection capability.
- Experience working on any of the scripting languages such as Python etc.
- Relevant industry certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or CompTIA Security or Vendor certs are highly desirable.
- In-depth knowledge of Sentinel, Splunk, CrowdStrike, Securonix, LogRhythm, Rapid7 MS Defender, other Threat centric tools, IDS/IPS, email security, vulnerability scanners and other security technologies.
- Detection and mitigation strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration.