Role: SOC Analyst L3
Location: Mumbai, India
Candidates should have 4-6 years of experience, including a minimum of 4 years in SOC operations and cyber incident response. The role requires collaborating with internal and external stakeholders and the ability to triage, analyse, investigate and report on incidents. The candidate should have exposure to the cyber incident response process and an in-depth understanding of cyber-attacks and incident response.
We are seeking a combined skill set of security analyst and security engineering experience.
The primary role will be to improve our detection and incident response platforms and processes, using knowledge and experience of log analysis and of threat actor tactics, techniques and procedures, and working with the Group's cross-technical teams (viz. Network, Datacenter, IT Standards) to develop customized solutions or indicators in both our SIEM and our IT infrastructure (log) sources, so as to improve our cyber defense actions and strategies. He/She will lead a team of security analysts (24x7 support).
- Monitor and analyse logs and alerts from a variety of different technologies across multiple platforms to identify and triage security incidents affecting the customers
- Perform threat hunting, along with in-depth investigation of and support for incidents generated by the SOC
- Assess the security impact of security alerts and traffic anomalies to identify malicious activities and take mitigating actions, discuss with customers and internal teams
- Define and document playbooks, standard operating procedures, and Incident Response process
- Provide Incident Response (IR) support for the incidents and alerts reported
- Document the results of cyber threat analysis and prepare a comprehensive analysis report for the Incident Response process
- Use security tools and technologies to analyse potential threats to determine impact, scope, and recovery of services
- Collaboration with internal and customer incident response teams
- Strong knowledge of malware analysis would be a plus, as would the ability to conduct a detailed analysis of various security-related events such as phishing, malware, DoS/DDoS, application-specific attacks, ransomware, etc.
- Act as a single point of contact and technical relationship manager to specific clients
- Create and track project plans for one-time and sustenance tasks for the project
- Provide periodic reports to internal and customer stakeholders
- Create and track tasks and project plans for the projects assigned
- Provide technical leadership and coaching for junior team members
- Technical understanding of applications, system, network, cloud, and infrastructure architecture
- Deep understanding of the logging mechanisms of Windows, Linux and macOS platforms, and of networking
- Proficiency with any of the following: EDR, Anti-Virus, Vulnerability Management, HIPS, NIDS/NIPS, Full Packet Capture, Host-Based Forensics, Network-Based Forensics, and Encryption
- In-depth knowledge of architecture, engineering, and operations of an enterprise SIEM platform, preferably expertise on ELK Stack.
- Advanced certifications such as SANS GIAC / GCIA / GCIH, CISSP or CASP, and/or SIEM-specific training and certification, are an added advantage
- At least 4 years of experience in a Security Operation Centre (SOC)
- Good communication skills to coordinate among various stakeholders of the organization
Cybernx was founded by a small group of entrepreneurs with big ideas, a lot of ambition, and extensive experience in uplifting and transforming other businesses. The Cybernx team has innovated and risen through the top positions to become one of the world's top cyber security companies.