Job Summary:
The Security Operations Center (SOC) L3 Security Analyst serves on a SOC team and is responsible for conducting information security investigations arising from security incidents identified by the Level 1 and Level 2 security analysts, who monitor the security consoles fed by the SOC's various entry channels (SIEM, tickets, email and phone).
The L3 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and hands-on knowledge of SIEM.
An engineer in this position acts as the point of escalation for Level 2 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques.
Job Description:
- Meeting with customers and gathering requirements.
- Integration of supported and non-supported log sources.
- Rule base and log source reconciliation.
- Leading solution design and optimization of the existing setup.
- Handling cases/incidents escalated by L1 and L2.
- Team management and knowledge-sharing sessions.
- 5 years of experience in use case development and USDM writing.
- Alerting concerned stakeholders to intrusions, potential intrusions and compromises of their IT environment.
- Actively tracking the latest security vulnerabilities, advisories, incidents and penetration techniques, and notifying concerned parties when appropriate.
- Configuration review of security devices, e.g. IPS, IDS, SIEM and firewalls.
- Responding to all escalations on time, replying to the client or concerned party with proper justification, and maintaining a full report until the incident is mitigated.
- Maintaining SLAs for all reported incidents and resolving them within the stipulated time.
- Documenting actions taken in cases to communicate information effectively, both internally and to customers.
- Responding to the needs and questions of customers concerning their access to network resources through their managed device.
- Adhering to business policies, procedures and security practices.
- Resolving problems independently and understanding the escalation procedure.
- Publishing reports/dashboards to the applicable teams as per the agreed schedule.
- Maintaining an up-to-date threat intelligence report, creating use cases based on the latest intel report, and supporting the threat hunting team.
Skills and qualifications
- Bachelor's degree in a related domain
- Understanding of incident response frameworks and procedures
- Minimum 10 years of experience in information security, including 6 to 7 years of relevant experience in a security operations center (SOC).
- Relevant certifications (GCIH, CEH, CHFI) will be an advantage and will be given preference
- Deep knowledge of common internet protocols and internet applications
- Understanding of security controls and network architecture
- Deep knowledge of SIEM tool configuration, deployment, administration, building use cases and maintaining an up-to-date configuration
- Deep understanding of TCP/IP, network analysis and the different types of logs.
- Deep understanding of tools such as Wireshark, endpoint tools and incident response frameworks, and a good understanding of common hacking techniques.