Security Operations Engineer
The SOC Engineer has the responsibility of monitoring the security of the network, servers, applications, and any telecommunications device in the company datacenter or in client private cloud deployments. The moment a system security breach or malware detection raises an alarm, the SOC engineers will have to quickly do a sanity check and validate whether the alarm can be cleared immediately. If the issue cannot be fixed, then he needs to escalate the case immediately to the respective support teams.
The SOC engineer interacts frequently with the technical support team, service providers, clients and internal users, so it is very important that he is clear and concise in his communication. He also works very closely with the Engineering team and as such needs to develop a good all-round understanding of systems and networks. He should be able to multi-task and prioritize work appropriately.
- You will be required to work in shifts supporting 24x7 operations.
- You will assist the SOC Analysts in developing the toolsets to further enhance the capabilities of the SOC.
- Your duties will include but not be limited to carrying out 1st and 2nd line support for deployed security tools such as Splunk, ELK, LogRhythm and SourceFire.
- This will include both the base Operating system as well as the associated applications.
- You will also assist the SOC Analysts in developing correlation logic and signatures associated with the supported security tools.
- Establish, maintain and grow the value of current and future partner relationships.
- Integrate Qualys security tools for mission critical platforms.
- Perform vulnerability scan across the environment.
- Perform security assessment for all platforms and drive for closure of any deviations.
- Perform policy compliance and improve compliance posture across the board.
- Track and manage all exceptions. Follow up on expiring exceptions.
- Manage the entire life cycle of security incidents, investigate them and drive them to appropriate closure.
Knowledge and skills required:
You will have experience of managing and maintaining Security tools within a global SOC environment. Technical expertise in the following would be beneficial:
- In-depth knowledge of two or more of the following: SIEM, NIDS/NIPS, endpoint security toolsets, DLP, network security technologies. Examples include Splunk, ELK, LogRhythm, SourceFire and NetFlow.
- Knowledge of logging on servers (syslog), network and security devices, applications and cloud.
- Knowledge and understanding of Python is a plus.
- Certification on Qualys products, especially VM/PC, is a plus.
- Computer science graduate preferred.
- Should be ready to work in shifts.
- Should have very good communication and articulation skills.
- Ability and readiness to learn new technology; should be a good team player.