Search by job, company or skills

Happiest Minds Technologies

TECHNICAL LEAD - SOC 2

Save
  • Posted a day ago
  • Be among the first 10 applicants
Early Applicant

Job Description

  • Threat Intelligence and Advisory Management

As part of this service, the IBM will perform the following:

Threat Sources Covered

Monitor, aggregate, and analyze threat intelligence and advisories from multiple sources, including but not limited to:

  • Commercial Threat Intelligence Platforms (e.g., Anomali, Recorded Future)
  • Vendor Security Advisories (e.g., Microsoft, Cisco, Palo Alto, Akamai)
  • Government and CERT Alerts (e.g., UAE CERT, US-CERT, ENISA)
  • Threat feeds from SOC and SIEM/SOAR platforms
  • Crowd-sourced threat platforms and Bug Bounty findings (e.g., Bugcrowd)
  • Open-source intelligence (OSINT) sources
  • Dark Web intelligence sources (where applicable)
  • Internal threat hunting findings
  • Partner advisories and industry-specific alerts.

General Service Requirements

  • Maintain continuous monitoring and validation of incoming threat intelligence.
  • Analyse the potential impact of threats on the Groups infrastructure, applications, users, and data.
  • Prioritize threat advisories based on business relevance, criticality, and risk exposure.
  • Provide actionable threat advisories with mitigation recommendations.
  • Integrate threat intelligence outputs with SOC, Incident Response, and Vulnerability Management processes.
  • Ensure threat intelligence-driven response activities are tracked, actioned, and closed.
  • Develop and maintain threat advisory and intelligence playbooks for standardized processes.

Threat Detection and Collection

  • Collect and normalize threat advisories and intelligence feeds.
  • Validate the authenticity and credibility of threat sources.
  • Remove noise and false positives to focus on credible and impactful threats.

Threat Analysis and Prioritization

  • Perform enrichment on threat data using internal telemetry and external datasets.
  • Correlate identified threats with the Groups asset inventory and critical systems.
  • Prioritize threats based on risk to the business (high, medium, low impact).

Threat Advisory Notification and Actioning

  • Prepare clear, actionable threat advisories including:
    • Threat description
    • Potential impact
    • Affected systems/services
    • Recommended immediate and long-term mitigation actions
  • Disseminate advisories to relevant stakeholders (e.g., IT, Security Operations, Business Units).
  • Raise Threat Advisory Tickets (TA Tickets) where action is required.
  • Assign and track closure of mitigation actions within agreed timelines.
Threat Intelligence Playbooks

  • Develop structured playbooks for threat collection, validation, analysis, dissemination, and response.
  • Ensure continuous updating of playbooks based on evolving threat landscapes and operational lessons learned.
  • Align playbooks with MITRE ATT&CK, NIST, and other cybersecurity frameworks where applicable.

Threat Campaign Monitoring

  • Identify ongoing threat campaigns targeting the Groups sector or geography.
  • Provide early warnings on advanced persistent threats (APTs), ransomware groups, and significant actors.
  • Recommend preventive and defensive measures based on observed campaigns.

Threat Hunting Support

  • Use threat intelligence to proactively identify indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) that could already exist in the environment.
  • Support threat hunting activities based on high-fidelity threat intelligence and emerging threat patterns.

Threat intelligent Platform Management & Operations

  • Perform daily, weekly, and monthly operational health checks.
  • Maintain and update threat intelligence feeds (commercial, open-source, and internal).
  • Perform platform upgrades, patches, and system tuning.
  • Ensure high availability and business continuity configurations are in place.
  • Monitor and manage platform performance and storage utilization.
  • Manage user access, roles, and permissions according to governance policies.
  • Enable role-based dashboards for SOC, IR, Threat Hunting, and Management.
  • Conduct quarterly access reviews.
  • Integrate various threat intelligence feeds (e.g., STIX/TAXII, MISP, ISACs).
  • Validate, de-duplicate, and normalize intelligence data.
  • Prioritize threat indicators based on relevance to the organization.
  • Regular review and curation of feeds for noise reduction and enrichment.
  • Integrate TIP with SIEM (e.g., QRadar, Splunk), SOAR, EDR, firewall, and other security controls.
  • Automate indicator enrichment and correlation in SOC tools.
  • Enable automated blocking of high-confidence IOCs in firewalls or proxy solutions.
  • Develop and maintain integration of playbooks and dataflow documentation.

Cyber Security

More Info

Job Type:
Industry:
Employment Type:

Job ID: 151119953