Unisys

Cybersecurity Analyst

  • Posted 12 days ago
  • Over 50 applicants

Job Description

What Success Looks Like In This Role

  • Monitor and analyse alerts generated by Google SecOps SIEM, using UDM Search to identify suspicious activities and potential compromises and escalate issues as appropriate
  • Conduct proactive threat hunting using Chronicle search, threat intel feeds, and entity correlation
  • Support log ingestion and normalization using SecOps ingestion tools (Forwarder, Collector, Ingestion APIs, and UDM-based parsers)
  • Monitor ingestion pipeline health by validating telemetry flow from Forwarders, Collectors, Ingestion APIs, and third-party connectors
  • Use SIEM Dashboards to monitor UDM event ingestion metrics, detection volumes, alert counts, IOC activity, and ingestion issues to identify performance degradation
  • Continuously track threat intelligence enrichment performance to ensure indicators and context are being correctly applied to alerts.
  • Provide input into SOAR playbooks to reduce analyst toil and automate common response workflows
  • Continuously monitor the security alerts queue and triage security alerts
  • Monitor the health of customer security sensors and SIEM infrastructure
  • Collect the data and context necessary to initiate Level 2 escalation
  • Investigate, document, and report on any security threat issues as well as emerging trends
  • Coordinate the containment and eradication of malicious activities with internal and external parties
  • Notify appropriate business stakeholders about serious security events, implement security improvements by assessing current situation, evaluating market trends, and anticipating requirements
  • Work with the Sr. Analyst SOC Operations to monitor and analyze logs from various security/industrial appliances using the SIEM tool
  • Perform log monitoring and incident analysis for various devices such as firewalls, IDS, IPS, Windows servers and web servers
  • Track and report configuration changes in routers, switches and firewall devices using the SIEM tool
  • Bring any possible security threat or violation of the Security Policy to the notice of the Information Security Manager
  • Understanding security threats, attack scenarios, analysis and intrusion detection skills
  • Prioritize security incidents through environment awareness and global intelligence. Classify incidents by policy and regulatory scope, and by configuration status management, including active services and patch levels.
  • Send security alert messages on newly found vulnerabilities to the concerned security team and respective customers without fail.
  • Escalation and coordination with the other domains for unresolved incidents.
  • Responsible for performing monitoring of security events in 24/7 rotational shifts.
  • Should be willing to work in 24/7 rotational shifts which includes night shift and weekends

You will be successful in this role if you have:

  • A bachelor's degree in computer science, engineering or technology-related field, or equivalent
  • Minimum 1-3 years of experience in the security domain with exposure to SIEM tools.
  • Hands-on experience with SIEM/SOAR platforms; Google SecOps/Chronicle experience preferred.
  • Experience performing threat intelligence enrichment using sources like Google Threat Intelligence, Mandiant, and VirusTotal.
  • Good understanding of network and security fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP
  • Highly Energetic and Quick Learner
  • Analytical skills, out-of-box thinking
  • Good communication skills with positive attitude.
  • Willingness to learn new technology platforms
  • Knowledge of and experience with Python and PowerShell scripting are an added advantage
  • Certifications on Google Security Operation Engineer

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.

If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [Confidential Information]. US job seekers can find more information about Unisys EEO commitment here.


Job ID: 142216901
