MaimsD Technology
SOC Analyst - Incident Management
Job Location
bangalore, India
Job Description
Role : SOC Analyst
Experience : 5 years
Location : Bangalore (Work from Office)

Primary Responsibilities :

Incident Response and Investigation :
- Deep-dive incident analysis to determine root cause and impact.
- Conduct thorough investigations into security incidents, including malware analysis, network traffic analysis, and log analysis.
- Develop and implement effective incident response plans and procedures.
- Collaborate with other security teams to coordinate incident response activities.

Threat Hunting and Proactive Security :
- Actively hunt for threats and vulnerabilities within the organization's network and systems.
- Utilize threat intelligence and security analytics to identify and mitigate potential risks.
- Develop and implement advanced threat hunting techniques and tools.

SIEM Administration and Optimization :
- Administer and maintain SIEM solutions (e.g., Splunk, QRadar).
- Fine-tune SIEM rules and alerts to improve detection capabilities and reduce false positives.
- Perform SIEM upgrades, troubleshooting, and configuration changes.
- Develop custom searches, reports, and dashboards to enhance security monitoring and analysis.

Log Analysis and Correlation :
- Analyze logs from various sources (e.g., firewall, IDS/IPS, network devices, servers) to identify anomalies and security threats.
- Correlate log data to identify complex attack patterns and security incidents.

Security Tool Management :
- Manage and maintain security tools such as vulnerability scanners, intrusion detection systems, and endpoint security solutions.
- Configure and optimize security tools to maximize their effectiveness.

Automation and Scripting :
- Develop and implement automation scripts (Python, PowerShell, Bash) to streamline security tasks and improve efficiency.
- Automate routine security tasks, such as vulnerability scanning, patch management, and incident response.
Required Skills and Experience :

Technical Skills :
- Deep understanding of SIEM technologies (e.g., Splunk, QRadar)
- Strong knowledge of network protocols (TCP/IP, HTTP, DNS) and network traffic analysis
- Proficiency in scripting languages (Python, PowerShell, Bash)
- Experience with ELK Stack (Elasticsearch, Logstash, Kibana)
- Strong understanding of Windows, Linux, and network environments
- Experience with security tools (e.g., vulnerability scanners, IDS/IPS, endpoint security solutions)
- Knowledge of cloud security concepts and platforms (AWS, Azure, GCP)

Soft Skills :
- Strong analytical and problem-solving skills
- Excellent communication and interpersonal skills
- Ability to work independently and as part of a team
- Strong attention to detail
- Passion for cybersecurity and continuous learning

Desired Certifications :
- CISSP
- CISM
- CISA
- Security

(ref:hirist.tech)
Location: bangalore, IN
Posted Date: 11/21/2024
Contact Information
Contact: Human Resources, MaimsD Technology