- Creation of supporting SOPs in line with policy requirements.
- Integration of all new devices (on-premises and AWS cloud) as log sources into the SIEM.
- Experience in threat hunting, red teaming, and cyber drills.
- Monitoring the health of device integrations (log source status) and supporting the responsible teams in restoring log flow when an integration breaks.
- Supporting teams in defining SOPs and performing triage.
- Ensuring the SIEM tool and its related processes function as per the stated requirements.
- Reporting computer security events in accordance with established processes and procedures.
- Coordinating with system owners and other departments (IDC/NOC/TOPS/Enterprise IT) as needed to analyze events and drive the actions required to close them.
- Supporting the SOC (Monitoring) Team's ongoing analysis of, and response to, computer security incidents.
- Creation of new use cases/reports as per business requirements.
- Creation of new use cases specific to the banking environment.
- Creation of new dashboards in the SIEM console as per requirements.
- Closure of SIEM tickets.
- Driving key security operations responsibilities (e.g., secure code review, configuration review).
Experience / Job Competencies / Success Factors:
- 10+ years of technical experience working in a SOC or in incident response, preferably in the BFSI (banking, financial services and insurance) sector, especially banking.
- Experience with one or more Security Information and Event Management (SIEM) solutions, especially with Dnif.
- In-depth understanding of security threats, attack methods, and the current threat landscape.
- Experience in security monitoring, Incident Response (IR), security tools configuration, and security remediation.
- Excellent troubleshooting and analytical skills with the ability to articulate and propose security solutions in business terms.
- Ability to multitask and work comfortably in a fast-paced environment with tight deadlines and changing priorities.
- Provide support for audit and compliance requirements within defined timelines.
- Understanding of network protocols and of packet capture/analysis tools such as Wireshark.
- Understanding of Linux and Windows operating systems and OS event logging.
- Experience working with AWS environments.
- Comfortable working with different security solutions in a diverse IT infrastructure environment, including:
  - FireEye network APT detection, Palo Alto firewalls, F5 WAF, TrendMicro HIPS, CyberArk PIM, Qualys vulnerability scanner, TrendMicro endpoint security suite and APT, and the Smokescreen honeypot/deception platform.
- Experience in developing production SIEM use cases.
- Ability to work non-core hours (swing or night shift) if necessary.
- Certifications: Security+, CEH, CISSP, SANS incident response or digital forensics courses.