Responsibilities of / Expectations from the Role:
• Manages the Security Operations Center; has experience in the management and configuration of ArcSight.
• Investigates alerts daily. Reviews the most recent SIEM alerts to assess their relevance and urgency.
• Carries out triage to ensure that a genuine security incident is occurring. Oversees and configures security monitoring tools.
• Deals with critical incidents. Carries out vulnerability assessments and penetration tests to assess the resilience of the organization and to isolate areas of weakness that need attention.
• Reviews alerts, threat intelligence, and security data. Identifies threats that have entered the network, as well as currently unknown security gaps and vulnerabilities.
• Addresses real security incidents. Evaluates incidents identified by tier 1 analysts.
• Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack.
• Analyses running processes and configurations on affected systems. Carries out in-depth threat intelligence analysis to identify the perpetrator, the type of attack, and the data or systems impacted.
• Creates and implements a strategy for containment and recovery.
• Co-ordinates with the customer and other teams.
• Prepares and updates the SOC process document.
• Helps train the SOC SMEs.
Must-Have: ArcSight SIEM Management & configuration, SOC operation, Leadership, Interpersonal & Communication Skills
Good-to-Have: Security Orchestration, Automation and Response (SOAR), use-case creation, automation, CISSP certification, deep understanding of Web Application Firewalls (WAF), Linux and Windows operating systems, database security, and vulnerability management tools
Background: Cyber Security Domain