Job Title: T&T | Cyber:D&R | SIEM | Consultant | Hyderabad

Job requisition ID :: 75375

Date: Jan 15, 2025

Location: Hyderabad

Designation: Consultant

Entity:

• 3-5 years of experience in 24x7 (rotating shifts) monitoring at a Security Operations centre

• Hands-on experience in security tools such as IBM QRadar, FireEye Anti-APT solution

• Review and triage information security alerts worked by L1, provide analysis, determine and track remediation, and escalate as appropriate

• Desirable to have experience of SOC Monitoring and tirage using SOAR • Knowledge on XDR can be an added advantage

• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.

• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.

• Reviews the most recent SIEM alerts to see their relevance and urgency. Carries out triage to ensure that a genuine security incident is occurring. Oversees and configures security monitoring tools • Inform L3 team of proactive and reactive actions to minimize false positives

• Maintain, manage, improve and update security incident process and protocol documentation (Run Book) • Strong understanding of Windows event log analysis

• Acts as Security Incident Handler for high-impact cyber security incidents and advanced attacks in accordance with Cyber Kill Chain methodology and incident response process.

• Conducts malware analysis and identification of Indicators of Compromise (IOCs) to evaluate incident scope and associated impact.

• Enhances workflow and processes driving incident response and mitigation efforts • Practical understanding of exploits, vulnerabilities, computer network intrusions, adversary tactics, exfiltration techniques and common knowledge

• Demonstrate proficiency in the Incident Response Process as well as the performance of threat hunting and SOC operations.

• Log analysis across disparate log sources, prioritize and differentiate between potential intrusion attempts and false alarms

• Sound understanding of different attack frameworks like Kill Chain & MITRE & ability to utilize them for incident response & reporting.