Description Responsibilities: Act as the primary point of contact for incident escalations from Tier 1/2 analysts. Act as technical contributor during major security incidents contributing to improvement in the team’s capability. Lead the investigation and response to security incidents, leveraging advanced technical skills and threat intelligence. Triage security alerts, perform in-depth analysis to determine root cause and impact, and develop effective containment and remediation strategies. Develop and execute incident response plans, ensuring proper communication and documentation throughout the incident lifecycle. Work in a ‘business hours rostered on-call’ environment Utilize SIEM (Security Information and Event Management) and other security tools to identify and analyze potential threats. Develop and fine-tune security rules and correlation logic to improve threat detection capabilities. Maintain detailed documentation of security incidents, investigations, and response actions. Requirements: 5-7 years of experience in a SOC or security analyst role. Proven track record of successfully identifying, analyzing, and responding to security incidents. Strong background in formulation and execution of threat hunt scenarios and the development of subsequent use cases to uplift detection capability. Experience working on any of the scripting languages such as Python etc. Relevant industry certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or CompTIA Security or Vendor certs are highly desirable. In-depth knowledge of Sentinel, Splunk, CrowdStrike, Securonix, LogRhythm, Rapid7 MS Defender, other Threat centric tools, IDS/IPS, email security, vulnerability scanners and other security technologies. Detection and mitigation strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration.
