As anSOCAnalyst, you will work as part of Meditab Security Operations Center to be the first line of defense. You will use various defense tools to conduct analysis, identify security incidents and violations, help strengthen security controls and work with cross-functional teams with a customer-oriented approach to ensure that a secure workspace is provided to the Meditab workforce.
Required Skills:
- 2 years of Experience in SOC
- Knowledge of current security trends
- Knowledge of TCP/IP Protocols, network analysis, and network/security applications
- Knowledge of common Internet protocols and applications
- Basic knowledge of Windows server and Unix/Linux operating systems
- Strong experience in SIEM platform implementations
- Should have sound technical knowledge in SIEM platform components and applications
- Should have technical problem-solving skills in terms of logging, integration approach and project handling
- Should have good knowledge how infra and application security works in cloud platforms like Azure, AWS, Google, Oracle, etc.
- Should have hands-onincorporating logs or events or flows from cloud into SIEM tools
- Superior written and verbal communication skills, with a keen creative eye for details
- Good working knowledge in MS-Office
Responsibilities:
- Responsible for working in a 24x7 Security Operation Center (SOC) environment
- WorkingonL1/L2 task
- Work with the team in implementing SIEM solution
- Experience in SumoLogic and creating different types of Queries
- Responsible for integration of standard and non-standard logs in SIEM
- Proficient in Incident Management and Response, handling escalations
- Provide analysis and trending of security log data from a large number of heterogeneous security devices.
- Primarily responsible for security event monitoring, management and response
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
- Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
- Creation of reports, dashboards, metrics forSOCoperations and presentation
- Workontriage of alerts generated from SIEM and other related tools maintenance
- Manage security incidents and reportingona timely basis
- Analyze and validate security threats and recommend appropriate countermeasures to minimize the associated risks
- Work with other teams to evaluate, implement and enhance security for infra, hybrid or cloud projects
- Implement and manage SIEM and other security tools
- Ability to handle high pressure situations
- Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms in order to identify and mitigate security incidents affecting the enterprise. This includes analysis of logs from: IDS/IPS. Firewall. Proxies. Anti-virus and end-point protection. Servers and workstations. Cloud security technologies and devices.
- Utilize a variety of security tools and technologies to analyze potential threats to determine impact, scope, and recovery.
- Leverage network security tools and capabilities to support Cyber Threat Monitoring activities.
