Responsibilities:

Incident Response:

• Lead the investigation and response to complex security incidents, ensuring proper containment, eradication, and recovery.
• Coordinate cross-team incident response efforts, document lessons learned, and refine response strategies.
• Perform root cause analysis to determine the origin of security incidents and prevent future occurrences.

Security Monitoring and Optimization:

• Monitor and analyse security alerts from SIEM, EDR, and other monitoring tools.
• Fine-tune alerting systems to minimize false positives and improve detection accuracy.
• Integrate new log sources and update monitoring tools as needed to maintain comprehensive visibility.

Log Analysis and Correlation:

• Perform in-depth log analysis, correlating data from various sources (network, endpoints, cloud, etc.) to identify and investigate security incidents.
• Use automation and scripting to streamline log analysis processes.

• Provide mentorship to junior SOC analysts, guiding them on threat detection, analysis techniques, and incident response.
• Develop and deliver training sessions, workshops, and tabletop exercises to improve team skills and readiness.

• Facilitate, optimise, and produce reports on regular patching management process to ensure relevant patches are installed and vulnerabilities remediated according to compliance and internal requirements.
• Analyse and report/present the vulnerabilities to multiple stakeholders for remediation and prioritization.
• Assist in providing support and resolution for scanning and vulnerability remediation reporting issues.
• Maintain intelligence network to discover any reported exploits, zero-day vulnerabilities and its applicability to Organization.
• Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
• Ensure that system vulnerabilities (new and backlogged) across the enterprise are dealt with in an efficient and timely manner.
• Develop mitigation plans for TTPs, IoCs and Threat Advisories on vulnerabilities.
• Participating and creation of detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team.
• Knowledge of threat centric framework Cyber Kill chain and NIST Cyber Security Framework.

• Implementation knowledge on SIEM technology (Sentinel/Elastic-Security/Splunk), Vulnerability management tools (NESSUS/Qualys), EDR and SOAR etc.
• Confidence with working in Linux environments and knowledge of AWS, Azure AD and Microsoft 365[E3&E5].
• Strong understanding of threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware.
• Knowledge of AWS, Azure and GCP
• Experience in Vulnerability Management and Remediation.
• Experience with tools such as Rapid7, Nessus, Metasploit, Qualys etc
• Must have the ability to work independently with minimal supervision and make sound decisions in high pressure environments.
• Aptitude for learning and applying new skills.