Job Purpose:
Lead- Cyber Incident and Response (L2) is managing SOC Team which continuously monitors and analyzes the security procedures of an organization. It also defends against security breaches and actively isolates and mitigates security risks. In addition, SOC Administrator is directing SOC operations, responsible for syncing between analysts and engineers, hiring, training, and security strategy. Directs and orchestrates response to major security threats.
Key Tasks and Duties:
Lead- Cyber Incident and Response (L2)
- Lead and manage Security Operations Centre.
- Primarily responsible for security event monitoring, management and response
- SOC Cyber incident review and response.
- Daily /Weekly/monthly SOC reports and checklist review and submission.
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
- Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
- Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in managing SLAs.
- Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Centre.
- Management, administration & maintenance of security devices.
- Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring.
- SPAM/Quarantine Email monitoring and management.
- Blacklisting/Whitelisting of URL in URL filtering solution.
- DLP bypass permission.
- VPN access review, Reporting and monitoring.
- Responsible for integration of standard and non-standard logs in SIEM.
- Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
- Perform any other related duties as required or assigned.
- Ensure Timely on-boarding of IT / security assets (Applications, DB, OS) on SIEM/ SOAR platform.
Qualifications
Bachelor’s degree Information Security/Technology Management.
Experience
Minimum 4 years’ experience in Information Security/Technology Management/SOC operations.