Manager - SOC AdminPlatform Engineer

Responsibilities

. Align with internal & external needs, threat trends, and operational performance to identify opportunities for improvement/enhancement of the security operations center technologies and integrations.

. Perform system administration for SIEM, SOAR, EDR and ancillary devices.

. Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.

. Develop information security and incident response workflows, procedures and best practices and publish them as playbooks in SOAR platform.

. On-board new log sources with log analysis and parsing to enable SIEM correlation.

. Creates and develops correlation and detection rules within SIEM solution (IBM QRadar), reports and dashboards to detect emerging threats.

. Manage, develop, and tune the scripts that integrate SIEM.

. Collaborate with key stakeholders within technology, application, and cyber-Security to develop specific use cases to address specific business needs.

. Collaborate with platform & application owners to define and establish logging standards to address various governance & security requirements.

. Create technical documentation around the content deployed to the SIEM.

. Provides technical support for forensics services to include evidence seizure, computer forensic analysis and data recovery, in support of computer crime investigation. Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures, and trends.

. Performs research into emerging threat sources and develops threat profiles. Keep updated on latest cyber security threats.

. Demonstrates strong evidence of analytical ability. Has a broad understanding of all stages of incident response.

. Has a sound understanding of other technologies like PAM, CASB, EDR, Email Security, Secure Web gateway etc. and other threat detection platforms that form part of the broader SOC program.

. Creation of reports, dashboards, metrics for SOC administration KPIs and presentation to senior management & other stakeholders.

. Handling audit related activities with internal and external stakeholders to ensure compliance of policies, adherence of procedures, showcase evidence, and align the observation reports for process improvisations to achieve operational objectives.

. Be prepared to provide a Technical Escalation Point during security incidents, establishing the extent of an attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a re-occurrence.

. Has a systematic, disciplined, and analytical approach to problem solving with leadership skills.

. Has basic knowledge of audit requirements (PCI, HIPPA, SOX, ISMS etc.)