Key Responsibilities:
- Experience supporting multiple clients in an MSSP / multi-tenancy environment.
- Prioritize critical alerts among false-positive alerts and report them to the client with appropriate recommendations.
- Real-time monitoring; able to analyze and triage security incidents independently and identify true-positive detections without breaching the SLA.
- Must be familiar with basic security concepts such as the Cyber Kill Chain, the MITRE ATT&CK framework, types of malware and threats, IOCs and IOAs.
- Basic understanding of SIEM architecture, parsing, reports, dashboards and basic troubleshooting of log sources.
- Identify false positives to fine-tune detection rules; escalate the most frequently triggered use cases to the content team for fine-tuning.
- Knowledge of creating search filters, advanced search and quick search; strong expertise in searching logs in IBM QRadar.
- Knowledge of SOAR and automated-response concepts (FortiSOAR, XSOAR or equivalent).
- Threat-hunting basics (IOC lookups, anomaly detection).
- Good understanding of the functionality of network and security devices.
- Knowledge of preparing daily/weekly/monthly reports according to the client's requirements.
- Ability to provide technical support and guidance to new analysts on the shift.
- Keeping up to date with emerging threats and threat campaigns across the globe.
Preferred Industry Experience:
- Overall 2-4 years of IT security / information security experience.
- Experience managing a SOC monitoring team and working knowledge of a SIEM tool such as QRadar, LogRhythm or Splunk.