JOB DESCRIPTION
Client Name: | JLR |
Job Title: | SOC L3 |
Will the role be 100% remote, hybrid or 100% office? (Mandatory) | Hybrid |
Job Purpose and primary objectives: | SOC L3 |
Key responsibilities |
· Conduct information security investigations arising from security incidents identified by the Level 2 security analysts who monitor the security consoles across the various SOC entry channels (SIEM, tickets, email and phone).
· Act as a point of escalation for Level 2 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques.
· Experience in developing new correlation rules and writing parsers.
· Experience in log source integration.
· Act as the lead coordinator for individual information security incidents.
· Mentor security analysts on risk management, information security controls, incident analysis, incident response, SIEM monitoring and other operational tasks (tools, techniques, procedures) in support of the technologies managed by the Security Operations Centre.
· Document incidents from initial detection through final resolution.
· Ensure threat management and threat modelling: identify threat vectors and develop use cases for security monitoring.
· Create reports, dashboards and metrics for SOC operations and present them to senior management.
· Act as the focal point for any investigations involving security; prepare reports and note follow-up actions.
· Take the role of Incident Manager during incidents and emergencies.
· Ensure that all business recovery/contingency plans and procedures held within the security control rooms are kept up to date at all times.
· Coordinate with IT teams on escalations, tracking, performance issues and outages. |
Key Skills/Knowledge: |
· Knowledge of strong authentication, endpoint security, internet policy enforcement, firewalls, web content filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP) and Identity and Access Management (IAM).
· Knowledgeable in SOC advancements such as EDR and SOAR.
· Thorough knowledge of SIEM technologies such as Splunk ES or QRadar.
· In-depth familiarity with security policies based on industry standards and best practices. |
Experience required: |
· 8+ years working within the information security field, with emphasis on security operations, incident management and intrusion analysis.
· Experience with security device installation, configuration and troubleshooting (e.g., firewall, IDS).
· Experience with SOC automation development and cloud operations (e.g., AWS).
· Experience in designing and building security operations centres.
· Incident management process development and/or incident management experience.
· Ability to lead and communicate efficiently within a team environment.
· Solid understanding of information technology and information security.
· Excellent communication and presentation skills, with demonstrated skill in presenting analytical data effectively to varied audiences (including executives).
· Works well under pressure with differing levels of management.
· Experience in regulatory compliance. |
Additional remarks (if any): | |
Person Specification (i.e. negotiating, client facing, communication, assertive, team leading/team member skills, supportive): | Speaking English is mandatory. |