Overview
Job Description:
Location: Noida
Experience Required: 8+ Years
Required Skills:
· Skilled in using incident handling methodologies.
· Skilled in collecting data from a variety of cyber defence resources.
· Skilled in recognizing and categorizing types of vulnerabilities and associated attacks.
· Experience detecting host and network-based intrusions using intrusion detection technologies.
· Experience interpreting the information collected by network tools (e.g., nslookup, ping, and traceroute).
· In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, MITRE etc.
· Experience in threat management and threat intelligence
· Knowledge of applications, databases, middleware, Authentication, authorization, and access control methods.
· Key concepts in security management (e.g., Release Management, Patch Management).
· Operating system command-line tools such as PowerShell; packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump); network tools (e.g., ping, traceroute, nslookup); network systems management principles, models, methods (e.g., end-to-end systems performance monitoring) and tools; Windows/Unix ports and services.
· Working knowledge and experience with MS Office, with proficiency in Excel.
Roles and Responsibilities:
· Lead and manage Security Operations Centre in an MSSP environment
· Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring
· Ensure compliance with SLAs, process adherence, and process improvement to achieve operational objectives
· Revise and develop processes to strengthen the current Security Operations Framework, review policies, and highlight the challenges
· Responsible for team resources, overall use of resources, and initiation of corrective action where required for the Security Operations Center
· Create weekly, monthly, and quarterly reports, dashboards, and metrics for SOC operations and present them to the client and senior management
· Interface with both internal and external audits of the Security Operations Center (SOC)
· Ensure incidents and investigations are thoroughly documented for the purposes of facilitating record keeping, process improvement, lessons learned, trend analysis, and senior leadership reporting
· Conduct regular review with customer stakeholders, build and maintain positive working relationships with them
· Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Isolate and remove malware.
· Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
· Provide daily summary reports of network events and activity relevant to cyber defense practices.
· Receive and analyse network alerts from various sources and determine possible causes of such alerts.
· Notify designated managers and cyber incident responders, and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan.
· Analyse and report system security posture trends.
· Assess the adequacy of access controls based on the principles of least privilege and need-to-know. Work with stakeholders to resolve computer security incidents and vulnerability compliance.
· Create SIEM correlation rules and custom reports, and integrate threat intelligence feeds
· Administer, manage, configure, maintain, and support security devices such as firewalls, IDS/IPS, proxies, mail gateways, etc.
· Onboard new customers in the Build-and-Run and Build-and-Handover models
Experience/Qualifications:
· Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field.
· Good oral and written communication skills to collaborate with the team.
· Minimum 8+ years of security engineering or security operations experience
· Understanding of how operating systems work and how exploitation works for different operating systems and applications.
· Understanding of network traffic and the ability to analyse network traffic generated by malware.
· Thorough understanding of Windows and Linux Internals
· Knowledge of common hacking tools and techniques
· Experience in understanding and analysing various log formats from various sources.
· Experience in analysing reports generated by SOAR/SIEM tools, e.g. ArcSight, Elastic SIEM, etc.
Job Type: Full-time
Pay: ₹2,000,000.00 - ₹2,500,000.00 per year
Schedule:
- Day shift
Experience:
- Security operations: 8 years (Required)
- PowerShell: 8 years (Required)
- Windows, Linux: 8 years (Required)
- Cyber defence: 8 years (Required)
- Threat management: 6 years (Required)
Work Location: In person