Senior SOC Engineer

Job Description

• Detects, identifies, and responds to cyber events, threats, security risks, and vulnerabilities in line with cyber security policies and procedures
• When necessary, leads and coordinates incident response activities, engage stakeholders and relevant security teams outside of SOC to effectively investigate and neutralize a security incident
• Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Experience working with SOAR to automate repetitive tasks and drive efficiencies allowing analysts to work on more advanced tasks.
• Communicates with stakeholders and leadership to provide timely and accurate updates on the progress of the Incident response effort
• Identifies, documents, and blocks TTPs, IOCs, and other artifacts during incident response
• Authors content using query languages and scripting for event enrichment and efficient investigation
• Develops procedures and documentation to support incident response and forensic investigation standard operating procedures
• Contributes to the maintenance and optimization of the organization's incident response plan
• Creates detailed timelines and incident post mortem documentation following investigations
• Create, vvaluate and update SOC runbooks, playbooks, and procedures as appropriate.
• Conducts threat hunting and analysis using various toolsets based on hypothesis and intelligence
• Partner with the security engineering and platform engineering teams to optimize operations
• Support a program for continuous security controls testing and validation
• Participate in Purple and Blue teaming activities
• Perform Security Incident Campaign analysis
• Mentors and leads junior team members by example and through effective communication via one on one meetings, coaching, informal instruction, or other methods as required
• Completes projects on time, according to instruction, and within requirements described by stakeholders
• Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC associate.
• Perform other duties as planned and communicated by leadership

Education:

• Bachelor’s degree in Computer Science, Information Technology or equivalent discipline
• Professional Certifications like GSEC, GCIA, CISSP, OSCP, etc., will be a plus

Skills:

• Excellent communication skills with the ability to influence other teams
• Good understanding of the offensive and defensive side of security
• Driving measurable improvement in monitoring and response capabilities at scale
• Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources.
• Analytical and problem-solving mindset with demonstrated effective decision-making skills
• Works calmly under pressure and with tight deadlines
• Track record of successful personnel management
• Is proactive and highly trustworthy; leads by example

Experience Required:  

• 6+ years of experience in Cybersecurity, or with a reputed Services / consulting firm offering security operations consulting or equivalent experience
• Demonstrated proficiency in IR and forensic response using a variety of toolsets
• Experience in scripting languages such as PowerShell or Python
• Experience in SOAR (Security Orchestration Automation Response) platform preferred
• Experience with one or more Security Information and Event Management (SIEM) solutions
• Experience with one or more Endpoint Detection and Response (EDR) Solution
• Experience with one or more cloud environments
• Experience as a leader, mentor, and trainer of team members

General Requirements:

• Candidate should be willing to work majorly in SGT (Singapore Business Hours) or occasionally in other shifts as required by SOC Management
• Candidate should be able to work from Ares Office located in Mumbai
• Experience with one or more Security Information and Event Management (SIEM) solutions
• Understanding of common Attack methods and their SIEM signatures
• Experience in security monitoring, Incident Response (IR) and security remediation
• Experience working with Endpoint Detection and Response (EDR), User and Entity Behavioral Analysis (UEBA) and Network behavior anomaly detection (NBAD)
• Strong knowledge and experience in Security Event Analysis capability
• Understanding of network protocols (TCP/IP stack, SSL/TLS, IPSEC, SMTP/IMAP, FTP, HTTP etc.)
• Understanding of Operating System, Web Server, database, and Security devices (firewall/NIDS/NIPS) logs and log formats
• Understanding of different cloud environments
• Strong analytical and problem-solving skills
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
• Ability to interact effectively at all levels with sensitivity to cultural diversity
• Ability to adapt as the external environment and organization evolves
• Passionate about Cybersecurity domain and has the inclination to learn current technologies / concepts / improvements
• Knowledge of cyber security frameworks and attack methodologies
• Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies
• Excellent verbal and written English communication skills

Reporting Relationships

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.