Engineer - II SOC

Minimum 5 years Security Operations Centre experience with a minimum of 4 years hands-on experience with event and incident monitoring and management tools,services and solutions to deliver SOC services.

Experience of providing SOC services in a 24/7/365 service delivery environment with shift rotas.

Perform L2 investigation and triage of alerts from SIEM, EDR, NDR, WAF, and cloud-native security tools.

Respond to and handle security alerts,events and incidents, including but not limited to, phishing, malware, ransomware, account compromise, insider threats, and cloud misuse.

Perform incident containment, remediation coordination, and closure within defined SLAs.

Collaborating with colleagues and key stakeholders within and outside your own department or function to support the delivery of vulnerability remediation and patching.

Supporting SIEM platforms by collaborating on building playbooks that ensure appropriate log source integrations and fine-tuning.

Assist as required, Vulnerability Management engineer, by coordinating and monitoring activities in relevant areas of the VM program such as security patch and remediation management.

Work with Security Engineers to ensure all security tools and solutions are appropriately configured and maintained to provide Security Operations with visibility into assets, environments and users.

Threat Hunting - participate in threat management by supporting the gathering and use of threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the threat landscape

Ensure identified Threats are catalogued, processed and logged with contingent plans agreed with the Security Operations manager

Experience of monitoring and responding to events and incidents using Network

Detection and Response (NDR), EDR/XDR,

Experience with SIEM solutions (Splunk or other),

Demonstrable ability to perform L2 investigation and triage of alerts from SIEM, EDR, NDR, WAF, and cloud-native security tools

Understanding of cloud platforms (AWS, Google Cloud, MS Azure)

Hands-on experience of SOAR and associated solutions (Demisto/InsightConnect/Swimlane/IBM Security Resilient)

Good working knowledge and hands-on experience of cyber defensive and offensive techniques, malware families and adversary tactics, techniques and procedures, MITRE ATT&CK, NIST Frameworks

Monitoring and investigating alerts from cloud-native tools: AWS GuardDuty and

Detect and respond to: IAM abuse, credential compromise, privilege escalation, publicly exposed cloud resources (S3/Blob buckets, databases, APIs) and suspicious API calls and other anomalous cloud activity.

Support remediation of cloud misconfigurations and cloud security best practices

Sound understanding of how Host/Network, IPS/IDS and DLP solutions contribute to protecting an organisation

Working knowledge of AWS / Azure / GCP.

Good understanding of email security and phishing analysis

Knowledge of ServiceNow, Jira and Confluence.

Any experience of endpoints telemetry analysis, Malware analysis and understanding of Exploit kits

Good communication skills

Experience of working in a fast-paced, globally dispersed environment

Good analytical, problem-solving and interpersonal skills

B.Tech/BSc//M.Sc in technology.

Security Certifications are a bonus - CompTia Security+

,CySA+ CISSP, any cloud

Security, SSCP or similar