Company: Tamcherry
Location: Gurgaon, Haryana, India
LinkedIn post

Role Description

If you are a security enthusiast with demonstrable experience in the security domain, we would like to talk to you. We are looking for a security expert with strong hands-on experience and broad knowledge across the security domain.

The ideal candidate should have managed a SOC team of 8+ SOC analysts, be an expert in at least two of the security domains (monitoring & response, data security, application security, endpoint security, network security, perimeter security, cloud security, risk & compliance) and have hands-on experience with at least a SIEM and two other security technologies (such as SOAR, IPS/IDS, EDR, TI, DLP, CASB, PAM etc.).

Candidate Will Be Expected To

  • Microsoft security operations analysts must monitor, identify, investigate, and respond to threats in on-premises / multi-cloud environments by using Microsoft Sentinel, Microsoft Defender, Microsoft O365 Defender, and third-party security solutions.
  • Microsoft security operations analysts collaborate with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to secure IT systems for the organisation.
  • Candidates should be familiar with Microsoft 365, Azure cloud services, and Windows and Linux operating systems.
  • Must coordinate with all subject matter specialists to address incidents. Primarily responsible for onboarding on-premises / cloud servers and network/security devices, with the required use cases, onto the Sentinel platform.
  • Knowledge sharing and training must be provided to L1 technical associates.
  • Primarily responsible for directing security event monitoring, management, response, and cyber intelligence.
  • Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Ensuring compliance with policy, process, and procedure, and driving process improvement to achieve operational objectives.
  • Revising and developing processes to strengthen the current Security Operations Framework; reviewing policies and highlighting the challenges in managing SLAs.
  • Responsible for the overall use of resources and initiation of corrective action where required for the Security Operations centre.
  • Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.
  • Ensuring threat management and threat modelling, identifying threat vectors and developing use cases for security monitoring.
  • Creation of reports, dashboards, and metrics for SOC operations
  • Good knowledge of AD & cloud security issues; must be familiar with SIEM, SOAR, EDR and MDR operations.
  • Must have experience with various monitoring tools and must have event hunting capabilities.
  • Skills in DLP and vulnerability management are an added advantage.
  • Education and certifications: Science Graduate with 4 to 5 years of experience in SOC management.
  • Microsoft Certified: Security Operations Analyst Associate
  • Responsible for the security monitoring & log analysis of multi-vendor security solutions
  • 24x7 alert monitoring and tracking of incidents on SIEM and EDR, reporting & escalation, regular SIEM administration, definition and enforcement of network & cloud security policies, research on new security technologies and creating a roadmap for implementing them in the SOC.
  • Formulating and implementing monitoring policies, procedures and standards relating to SecOps and security domains (network security, data security, cloud security, zero trust, etc.).
  • Automated response to security incidents (malware infections, unauthorised access, malicious emails, DDoS attacks, etc.), together with evaluating the type, nature, and severity of security events (security assurance / security compliance) through the use of a range of security event analysis tools.
  • Assess the security technologies and data in place to propose relevant security use cases (mostly from a security incident monitoring perspective).
  • Work with SIEM and SOAR technical team to design new security use cases and provide functional requirements.
  • Enhance SOC service capabilities and offerings across key security domains and solution areas.
  • Deliver security consulting and security implementation projects.
  • Engage with potential clients (senior executives) on broad security domain discussions (topics can be related to basics of SecOps processes, Security architecture design, ISO security standards, NIST standards, Threat Intelligence, security analytics, Identity and Access Management, Network security, IDS/IPS, VAPT, etc.)
  • Work with the CISO/CIO to create a SOC maturity roadmap and then execute it.
  • Speak at in-house and partner marketing events/webinars on the trending security topics of interest.

Candidate Preferred Requirements

Holding one or more of the following industry certifications will be a plus.

  • Master’s degree in cyber security or demonstrated interest in the cyber security domain.
  • 5+ years of Security Operations Centre experience.
  • Solid understanding of network and computer security, security testing and software security.
  • Experience with Windows & Linux platforms.
  • Understanding of MITRE ATT&CK and Cyber Kill Chain frameworks
  • Scripting skills (Bash, Python, Ruby, Perl, PowerShell) will be considered a plus.
  • Experience working with SIEM platforms. Minimum one year Azure Sentinel experience is mandatory.
  • Strong analytical and critical observation skills.
  • Willing to follow SOC processes and procedures while maintaining the flexibility to “think outside the box”
  • Strong written and oral communication skills
  • Collaborative and team focus
  • Ability to prioritize tasks.
  • Security Certifications (CEH, GCIH, GCIA, CYSA+, Azure Security...) are a plus
  • Primary Tools: Microsoft Sentinel (SIEM) & Microsoft Defender (XDR)

Location:

The role location is Gurugram.

Shift Schedule: The candidate will work in rotation if required. We are looking for someone who is ready to work night shifts and is open to 24x7 operations.

Work Culture: Permanent work from Office

Due to the nature of the work, you are required to have on-call duties on weekends.

Remuneration

Competitive to the market.

Interview Process

Approximately 3-4 rounds of interviews.