Pune, India

Security Analyst

Job Description

We are looking for a Security Analyst for our SOC Administration team who will:

a) Monitor, maintain and troubleshoot health-related issues in the SOC tools.
b) Onboard devices into the SOC tools and troubleshoot devices that stop reporting.
c) Lead and guide the team of Security Engineers on shift in resolving the incident tickets raised during the shift.

Responsibilities
  • Review the daily health check of SIEM components (collectors, processors, console, etc.).
  • Onboard devices into the SIEM, troubleshoot non-reporting devices and maintain device status.
  • Archive, back up and purge SIEM data as required and for compliance.
  • Raise change management tickets for SOC administration activities such as patching and upgrading the SIEM.
  • Act as the escalation point for L1 and the SOC Monitoring team; co-ordinate with them on troubleshooting issues and escalate to L3 for further resolution.
  • Support L3 and assist L1 with knowledge base details and basic documentation; update and maintain the SOC knowledge base for new security incidents and procedures.
  • Fine-tune correlation rules, create monitoring dashboards and filter traffic.
  • Build incident reports and check whether the SLA has been met for incident alerting and incident closure.
  • Prepare the daily status report sheet and submit it to the SOC lead for review.
  • Review security advisories and implement the necessary detection measures.
  • Work with the tool vendor (OEM support) to resolve the issues or incidents raised.
  • Administer the Windows servers on which the SOC tools are installed.
Essential Skills
  • Good knowledge of SIEM, SIEM architecture and SIEM health checks.
  • Good experience in SIEM administration and event flow architecture, and with the different types of logs generated by sources such as Windows, proxies, network devices and databases.
  • Good understanding of firewalls, IDS/IPS and how a SIEM functions, at both high-level design (HLD) and low-level design (LLD).
  • Must have knowledge of onboarding different device types into the SIEM.
  • Deep understanding of Windows, databases, mail clusters, virtual machines and Linux command-line administration.
  • Knowledge of network protocols (TCP/IP) and ports.
  • High ethics and the ability to protect confidential information.
  • Team spirit and a problem-solving approach focused on resolving issues.
  • Good verbal/written communication skills.