Role description
Responsible for the overall programmable networking development and maintenance strategy, the implementation roadmap, and line management of the team.
Key Accountabilities:
Guides development teams on issues related to design, development, and deployment
Leads a team of developers and guides them in applying engineering best practices
Supports the engineering development process and ensures that junior members of the team focus on Continuous Delivery/Continuous Integration
Builds partnerships with stakeholders and guides them on what to expect from the engineering development process
Bachelor's in Engineering with 8-10 years of experience, including experience leading engineering teams
Skills
1. Provide supervision, leadership, and mentoring of Security Operations Centre Analysts, covering technical and procedural direction to local SOC personnel.
2. Detection, monitoring, analysis, and resolution of security incidents; provide containment and recommendations.
3. Have experience managing the FireEye Helix SIEM and SOAR for SOC operations.
4. Must have experience in the administration and management of endpoint tools such as FireEye EDR, FireEye Network and Email APT, and Symantec/Forcepoint DLP.
5. Should be able to manage Privileged Access Management solutions.
6. Must have experience developing and implementing SIEM use cases and monitoring post-implementation to allow coverage of more attack vectors.
7. Expertise in gathering and providing the necessary data to threat experts for digital forensics and malware analysis.
Skills/Experience:
Overall 6 to 10 years of experience
Extensive hands-on experience on FireEye Helix SIEM and SOAR platforms
Experience in incident management methodologies and the complete incident lifecycle, the MITRE ATT&CK Framework, and the Cyber Kill Chain.
Ability to identify and handle different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
Must have technical working knowledge of firewalls, proxies, SIEM, EDR, antimalware, penetration testing, vulnerability scans, ACLs, IDS/IPS, VPNs, PAM/IAM, HIPS, and APT.
Good knowledge of and experience with Windows, UNIX, and Linux (RHEL, CentOS, Debian, and Ubuntu), and NoSQL databases.
Certified Computer Security Incident Handler (CERT CSIH), EC-Council Certified Incident Handler (E/CIH), GIAC Certified Incident Handler (GCIH).
Certified on at least one SIEM tool, preferably FireEye SIEM.
Excellent communication skills.
Experience working as part of larger geographically distributed teams and in teams with diverse cultural backgrounds.
Other details
L2SOC for CMS