1. Incident Monitoring and Investigation:
- Monitor security incidents using various tools within the SOC.
- Investigate and analyze alerts, logs, and events to identify potential threats.
- Escalate incidents as needed to prevent unauthorized access or harm caused by cybercriminals.
2. Customization and Reporting:
- Create custom dashboards or modify existing ones to visualize security data effectively.
- Fine-tune SIEM (Security Information and Event Management) rules to reduce false positives and eliminate false negatives.
- Generate custom reports to provide insights into security incidents.
3. Incident Resolution and Documentation:
- Resolve security incidents promptly, recommending enhancements to improve overall security.
- Maintain up-to-date documentation of security incidents, analyzing damage and associated risks.
- Collaborate with incident response teams to address security breaches effectively.
4. Threat Intelligence and Proactive Learning:
- Stay informed about new attack patterns, security incidents, and emerging threats.
- Research and monitor security events, identifying potential risks based on log data.
- Continuously learn and adapt to evolving cybersecurity trends and techniques.
5. Network and Log Analysis:
- Understand and evaluate logs from various sources (operating systems, network devices, security tools, etc.).
- Analyze TCP/IP network traffic and event logs to detect anomalies and potential security issues.
Skills and Qualifications:
- Educational Background: A bachelor’s degree in computer science, information technology, or a related field is beneficial.
- Relevant experience in network operations or helpdesk support, along with certifications, may also be considered.
Technical Skills:
- Solid understanding of IT networking and security principles.
- Familiarity with operating systems (Windows, Linux, AIX) and scripting languages (shell, Python, PowerShell).
- Knowledge of security technologies such as SIEMs, WAFs, firewalls, IDS/IPS, AV, EDR, secure cloud access, vulnerability scanning, encryption, FIM, and DLP.
- Experience with incident response and threat analysis.
Certifications (Preferred but Not Mandatory):
- CCNA (Cisco Certified Network Associate)
- Security+
- CyberOps
- CEH (Certified Ethical Hacker) or other industry certifications
Personal Attributes:
- Ethical, curious, and detail-oriented.
- Ability to multitask and monitor various aspects of security simultaneously.
- Adaptability to respond to threats and events promptly.
Notice Period: Immediate to 30 days