Job Description
The primary function of the Subject Matter Expert (SME) is to ensure that the SOC team is performing its functions as
required and to troubleshoot problematic incidents and events.
Responsibilities
- Work collaboratively with Account Manager for Client relations
- Track incident detection and closure.
- Execute risk hunting activities
- Undertake forensic investigations
- Act as Subject Matter Expert and expert witness where required
- Generate intelligence advisories and delegate intelligence aggregation tasks to L2 analysts
- Generate new use cases for emerging threats
- Conduct incident response coordination with customer
- Validation of security incidents
- Conduct audits of logging and correlation
- Conduct monthly security use case review and correlation audits
- Use of sandbox, honeypot, analytics tools and security testing
- Escalation Management
- Ensure process compliance
- Ensure the quality of investigations and notifications, and direct L1 and L2 analysts accordingly
- Report deviations to SOC manager
- Ensure SLA compliance for projects within remit
- Perform deep analysis of security incidents to identify the full kill chain
- Set up a weekly meeting with the client to review the weekly reports
- Respond to client’s requests, concerns and suggestions
- Act as Subject Matter Expert for different clients
- Provide knowledge to L1 and L2 analysts, such as guides, cheat sheets, etc.
- Follow up on recommendations to the client to contain an incident or mitigate a
- Conduct presentations and updates to the client
- Respond to incident escalations and provide solid recommendations
- Update aging incidents and requests
- Track SOC performance in terms of SLAs and incidents quality
- Review vulnerability assessment reports with the client and provide necessary
- Configure and maintain vulnerability scanner policies and reports
- Conduct threat hunting exercises on SIEM and EDR platforms
- Conduct penetration testing on web applications, mobile applications, servers
- Develop and improve processes for monitoring and incident qualification
- Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI
- Participate in professional services (internal and external penetration testing, wireless
audits, social engineering exercises, security awareness programs etc.)
- Perform threat intelligence analysis and investigations. Search the dark web and
specific client
- Create reports for threat intelligence as a service
Essential Skills
- Experience with Security Information and Event Management (SIEM) tools, creating
Assessments
- Expertise in TCP/IP network traffic and event log analysis
- Knowledge and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO,
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management
- Configuration and troubleshooting experience on Check Point, Cisco, FortiGate,
- Knowledge and hands-on experience of implementation and management of IDS/IPS,
Education Requirements & Experience
Bachelor's in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent
university degree
- 6 to 10 years of experience in the IT security industry, preferably working
- Certifications: GCIH, CCNA, CCSP, CEH
Location
Pune – Baner
Additional Desired Skills
- Strong verbal and written English communication
- Strong interpersonal and presentation skills
- Ability to work with minimal levels of supervision
- Willingness to work in a job that involves 24/7 operations