Manager - Captive Operations

Broad outline of the Role

Responsible for managing customer queries related to all services and solutions delivered, including diagnosing, and resolving complex technical issues in Network Firewall Security & Cloud Security domain. The role acts as a conduit between customers and other teams such as engineering, architecture etc. for any issue resolution. This is an operational role, responsible for delivering results that have a direct impact on day-to-day operations and capable of instructing professional or technical staff and reviewing the quality of the work undertaken by these roles.

Minimum Qualifications & Experience:
Graduate with 6-10 years of experience

1. KRAs of the role

This is a core technical IC role which requires candidate to be hands on and ability to deliver the below tasks independently

2. Key Responsibilities

> Ownership of SIEM platform in terms of administration and management (should be currently performing this role)

a. Ensuring platform and service uptime

b. Efficient management of the platform to ensure proper performance.

c. Upgrade and updates (KBs)/ patch as per OEM

d. Platform capacity management

e. Administration and management of underlying Infrastructure Layer

f. Log Source Integration to include development of custom parsers for non-supported log sources

g. Integration with other platforms like Threat Intelligence

h. Configuration of SOAR plugins

i. Advanced troubleshooting of the SIEM platform

j. Problem management. Working closely with OEM

k. Configuration of rules reports and dashboards based on inputs from monitoring team.

l. Documentation of RCAs for major incidents

> Other skills required

a. Ability to interact and manage customer stakeholders in the context of platform management.

b. Good team working skills and communication.

3. Technology and skills

a. SIEM: LogRhythm is mandatory.

b. SOAR: SIEM native of any third party

c. Threat Intelligence and Brand Monitoring

d. Scripting: Regex is mandatory.

e. OS: Windows and Linux (intermediate skills)

f. Good knowledge of security domain is mandatory

4. Role Coverage

a. 5 days in a week morning and afternoon shifts and on demand for any weekend or business non-working days for activities based on customer requirements

5. Experience / Skills/Qualifications

a. Education Qualification - B Tech or BE

b. Certifications: CISSP or CISM

> SIEM product. Log Rhythm is mandatory

> SOAR: LogRhythm or any Product

> NBAD: LogRhythm or any Product