L2 Security Engineer (SOC)

L2 Security Engineer (SOC)

Actively research and stay updated with latest and new cyberattacks, TTPs, threat attackers, vulnerabilities and based on it perform proactive threat hunting in customer environments.

Understand customer environments to develop use cases based on industry, targeted attacks, vulnerabilities, attack vector, threat landscape, TTPs etc., for the scope of monitoring.

Develop identification and documentation of Indicators of Compromise (IOCs).

Ability to perform malware reverse engineering on the detected malware file to investigate and identify its potential entry points.

Perform forensic analysis and investigations leveraging SOC solutions and provide evidence in case of breaches.

Handle security incidents tickets escalated by Level II team, and draft security incident report covering the root cause, forensic evidence, and recommended mitigation plans.

Strong understanding of MITRE ATT&CK framework, and ability to operationalize it for day-day SecOps activities, to develop tactics, techniques, procedures (TTPs) for security analysis and threat hunting.

Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.

Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.

Enable regional security analysts to deliver seamless support locally by developing SOC playbooks, relevant and sufficient Knowledge base.

Lead regional security analysts in handling incidents, customer escalations and requests, SLA (Service Level Agreement) requirements.

Required Qualifications : - Essential

Candidate should have at least 5 years of working experience in SOC and MSS environments,

Bachelor's degree in computer engineering, Computer Science, Cyber Security, Information Security, or other equivalents.

Experience in malware analysis for Windows and Linux / Mac.

Excellent hands-on experience in implementations, incident analysis of IBM QRadar, Azure Sentinel SIEM (Security Information and Event Management) technologies.

Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Microsoft Defender.

Hands on experience on SOAR (Security Orchestration, Automation, and Response) technologies.

Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.

Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with proven Unix (Solaris, Linux, BSD) experience.

Knowledge of any shell scripting language and applying it to automate mundane operations tasks.

Candidate should have at least one SANS certification. Preferred if that is GCIH

Good understanding of basic network concepts and advantages of exposure to cloud technologies.

Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards

Excellent English communication skills (verbal and written) combined with professional telephone manner.

As part of any recruitment process, we collect and processes personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.

#J-18808-Ljbffr