Senior SOC Engineer

Job Description

• Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Ability to clearly identify, capture, articulate, design, implement, and maintain security operations uses cases.
• Manage security event investigations and partnering with other departments as needed
• Coordinate resources during incident response efforts, assists with classifying security events, direct and guide remediation, support documentation as needed
• Experience working with SOAR to automate repetitive tasks and drive efficiencies allowing analysts to work on more advanced tasks.
• Conduct forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measures
• Conduct network forensics, intrusion analysis, malware analysis and reverse engineering, threat intelligence fusion (wherever possible/ required) to identify the root cause / patient zero
• Build knowledge and skills within the team on latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basis
• Evaluate and update SOC runbooks, playbooks, and procedures as appropriate.
• Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC associate.
• Prepare reports of analysis and results to provide briefings to management
• Responsible for managing security incidents identified by internal controls or external SOC partners.
• Train, mentor and motivate junior team members
• Lead investigations, identification, scoping, and reporting on cyber threats.
• Create detailed timelines and incident documentation during and after investigations
• Proficient in Incident Response and automation workflows as it relates to Security Operations
• Conduct Reactive threat hunting and analysis using various toolsets based on intelligence gathered
• Partner with the Security Engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
• Participate in Purple and Blue teaming activities
• Perform Security Incident Campaign analysis
• Support continuous security controls testing and validation program
• Engage with tuning of alerts to help improve their fidelity

Education:

• Bachelor’s degree in Computer Science, Information Technology, Business or equivalent discipline
• Professional Certifications like GSEC, GCIA, CISSP, OSCP, etc., will be a plus

Skills:

• Excellent communication skills with the ability to influence other teams
• Good understanding of the offensive and defensive side of security
• Driving measurable improvement in monitoring and response capabilities at scale
• Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources.
• Analytical and problem-solving mindset with demonstrated effective decision-making skills
• Works calmly under pressure and with tight deadlines
• Track record of successful personnel management
• Is proactive and highly trustworthy; leads by example

Experience Required:  

• 6+ years of experience in cybersecurity operations and incident response, or with a reputed Services / consulting firm offering security operations consulting, or equivalent experience
• Experience in SOAR (Security Orchestration Automation Response) platform preferred, but not mandatory
• Experience as a mentor and trainer of team members
• Experience with one or more Security Information and Event Management (SIEM) solutions
• Demonstrated proficiency in incident response and forensic investigation using a variety of toolsets and methodologies
• Experience in investigations using formal chain-of-custody methods, forensic tools and best practices
• Experience in scripting languages such as Powershell or Python shall be a plus
• Experience in server and mobile forensic tools such as Autopsy, FTK, Encase, Oxygen, Cellebrite, Wireshark, RAM analysis, Registry analysis tools etc
• Experience in investigating complex, multi-location security breaches and creation of detailed forensic investigation reports and presentations for variety of stakeholders

General Requirements:

• Candidate should be willing to work majorly in SGT (Singapore Business Hours) or occasionally in other shifts as required by SOC Management
• Candidate should be able to work from Ares Office located in Mumbai
• Experience with one or more Security Information and Event Management (SIEM) solutions
• Understanding of common Attack methods and their SIEM signatures
• Experience in security monitoring, Incident Response (IR) and security remediation
• Experience working with Endpoint Detection and Response (EDR), User and Entity Behavioral Analysis (UEBA) and Network behavior anomaly detection (NBAD)
• Strong knowledge and experience in Security Event Analysis capability
• Understanding of network protocols (TCP/IP stack, SSL/TLS, IPSEC, SMTP/IMAP, FTP, HTTP etc.)
• Understanding of Operating System, Web Server, database, and Security devices (firewall/NIDS/NIPS) logs and log formats
• Understanding of different cloud environments
• Strong analytical and problem-solving skills
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
• Ability to interact effectively at all levels with sensitivity to cultural diversity
• Ability to adapt as the external environment and organization evolves
• Passionate about Cybersecurity domain and has the inclination to learn current technologies / concepts / improvements
• Knowledge of cyber security frameworks and attack methodologies
• Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies
• Excellent verbal and written English communication skills

Reporting Relationships

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.