- The SOC Specialist will participate in operations that support monitoring and is directly responsible for responding to security events. He/she will provide a technical escalation point during security incidents, establishing the extent of the threat and its business impact, then advising on and performing the most suitable course of action to contain and remedy the incident. The SOC Specialist will maintain good knowledge of the threat landscape, help enhance current techniques and provide support in identifying new methods of detecting threats. He/she will perform detailed analysis of security events, using analytical skills and advanced knowledge of IT security and network threats.
- Will work on SOC monitoring and be able to administer any of the SIEM tools such as ArcSight, LogRhythm, Rapid7 IDR, QRadar or Splunk.
- The analyst will monitor network security events and take appropriate action based on security policy, and will also assist with security-related issues.
- Responsible for troubleshooting issues related to security devices.
- Reviewing reports to ensure quality and accuracy.
- Will be responsible for performing analysis of log files and forensic analysis of system resource access.
- Responsible for performing analysis of security logs in order to detect unauthorized behavior.
- Responsible for taking action on alerts, events, and incidents.
- Triage malware incidents, determining their priority and the need for escalation.
- Monitoring for emerging threat patterns and vulnerabilities.
- Assists with patching recommendations and workarounds for zero-day threats.
- Coordinates with other external stakeholders and vendors.
- Communicates with management on incident updates.
- Able to run down an incident from start to finish without higher-level supervision.
- He/she will have 3-5 years of relevant experience in SIEM tools and technologies, with expertise in ITIL processes including incident response and triage.
- Good analytical and triage skills.
- Expertise in ITIL processes.
- CCNA / Security+ / Network+ / CEH certified; SIEM technology certification (optional) (ArcSight, QRadar, Splunk, McAfee Nitro).
- Will have a good understanding of common network services (web, mail, FTP, etc.), network vulnerabilities, and network attack patterns.