Company: Deloitte
Location: Mumbai, Maharashtra, India
LinkedIn post

Experience: 4 to 7 years

Responsibilities:

  1. Monitor and analyze security events and incidents in real-time using QRadar SIEM.
  2. Investigate and respond to security incidents escalated by L1 analysts or detected by QRadar.
  3. Perform log analysis and correlation to identify potential security threats and vulnerabilities.
  4. Develop and implement SIEM use cases, rules, and alerts to improve the detection and response capabilities.
  5. Collaborate with the security operations team to develop and execute incident response plans.
  6. Conduct incident investigations, including containment, eradication, and recovery activities.
  7. Assist in vulnerability management activities, including scanning, assessment, and remediation.
  8. Stay up-to-date with the latest threat intelligence, security technologies, and industry best practices.
  9. Provide guidance and support to L1 analysts in handling security events and incidents.
  10. Generate reports and metrics on security events, incidents, and SIEM performance.
  11. Build incident reports and advisories, and review whether SLAs have been met for incident alerting and incident closure.
  12. Update and maintain SOC knowledge base for new security incidents and docs.
  13. Review advisories and implement the necessary detection measures.

Requirements:

  1. Proven experience working with SIEM / Sentinel / Chronicle, QRadar SIEM and other security tools.
  2. Ability to drive calls and summarize them after the discussion.
  3. Deep understanding of Windows, databases, mail clusters, VMs, and Linux commands.
  4. Good understanding of firewall, IDP/IPS, and SIEM functioning.
  5. Strong understanding of network protocols, TCP/IP, and security technologies.
  6. Familiarity with log analysis and correlation techniques.
  7. Knowledge of security incident response methodologies and best practices.
  8. Understanding of common security frameworks (e.g., NIST, ISO 27001).
  9. Strong analytical and problem-solving skills.
  10. Excellent written and verbal communication skills.