Job Title:  T&T:Cyber:D&R:SIEM:AM

• 3-5 years of experience in 24x7 (rotating shifts) monitoring at a Security Operations centre  
• Hands-on experience in security tools such as IBM QRadar, FireEye Anti-APT solution 
• Review and triage information security alerts worked by L1, provide analysis, determine and track remediation, and escalate as appropriate  
• Desirable to have experience of SOC Monitoring and tirage using SOAR • Knowledge on XDR can be an added advantage.  
• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. 
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc. 
• Reviews the most recent SIEM alerts to see their relevance and urgency. Carries out triage to ensure that a genuine security incident is occurring. Oversees and configures security monitoring tools • Inform L3 team of proactive and reactive actions to minimize false positives  
• Maintain, manage, improve and update security incident process and protocol documentation (Run Book)

• Strong understanding of Windows event log analysis  

• Acts as Security Incident Handler for high-impact cyber security incidents and advanced attacks in accordance with Cyber Kill Chain methodology and incident response process.  
• Conducts malware analysis and identification of Indicators of Compromise (IOCs) to evaluate incident scope and associated impact.  
• Enhances workflow and processes driving incident response and mitigation efforts • Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge  
• Demonstrate proficiency in the Incident Response Process as well as the performance of threat hunting and SOC operations.  
• Log analysis across disparate log sources, prioritize and differentiate between potential intrusion attempts and false alarms  
• Sound understanding of different attack frameworks like Kill Chain & MITRE & ability to utilize them for incident response & reporting.