Join Our Team

Job description

The Cybersecurity Associate is responsible for designing, developing, or recommending integrated security systems and physical control solutions to protect proprietary/confidential data and systems. Participates with the client in the strategic design process to translate security and business requirements into technical designs. Configures and validates secure systems and physical controls and tests security products and systems to detect security weaknesses.

• Understand various network protocols, including TCP/IP, UDP, DHCP, FTP, SFTP, ATM, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP, and HTTPS.
• Operate SIEM consoles in order to monitor environmental threats and incidents.
• Understand cyber-attack methods.
• Perform analysis of security logs in an attempt to detect unauthorized behavior.
• Document and contain security incidents detected on the network.
• Execute the Incident Response process when a security incident has been declared.
• Plan, coordinate, and implement network security measures in order to protect data, software, and hardware on government networks.
• Maintain logs related to network functions and maintenance and repair records.
• Document and present findings suitable for customers to management.
• Work in rotational shifts, including weekends & holidays.
• Monitor IT systems and report technical issues as per the process defined.
• Coordinate with customers to solve issues.
• Provide daily reports to the Team Leader.
• Carry out analysis of security events and report problems.
• Meet SLA requirements.
• Ready to commit to work for 2 years.

Education and skills

• Bachelor's degree or equivalent.
• Have strong knowledge of IT networking Concepts.
• Must skills - Excellent command of verbal and written English.

Job description

• Understand cyber-attack methods, perform analysis of security logs in an attempt to detect/uncover and respond to cybersecurity threats, and provide daily reports to Management/CXO
• Run compliance reports and support the audit process. Measure SOC performance metrics and communicate the value of security operations to business leaders.
• Good understanding of Vulnerabilities, threats, risks, compliance, and other aspects of security governance
• Experience in working on multiple network security OEM platforms
• Good understanding of Active Directory groups and the Windows operating system
• Assist with security-related issues
• Reviewing of security alerts
• Responsible for troubleshooting agent software issues
• Reviewing reports to ensure quality and accuracy is a part of the job for SOC Analysts
• Knowledge of cybersecurity solutions
• Understanding of standard network services (web, mail, FTP, etc.), network vulnerabilities, and network attack patterns is a must
• Strong analytical and problem-solving skills are needed to perform the job of a SOC analyst
• Due to the nature of the business, the SOC L3 position covers all shifts 24/7
• Expertise in ArcSight, Splunk, and other SIEM products essential
• Provide recommendations and implement changes to optimize ArcSight products in the customer environment
• Support the client in fact-finding or case-supporting tasks as it relates to ArcSight
• Explanation about creating rules, dashboards, and searching of logs in logger and ESM to team
• ArcSight ESM, Logger, ArcMc, smart connector's upgradation

Job description

Experience Tools and Technology

• Client OS: Windows 7, Windows 8, Windows 10, Linux, RHEL, Ubuntu, CentOS.
• Server OS: Windows Server 2008, Windows Server 2012, Linux
• Splunk ES Implementation, integration
• Integration of threat intelligence tools MISP with Splunk
• UBA
• SOAR
• Firewalls: FortiGate, Checkpoint, WAF: Imperva

Achievements

• Administration and Operation role of Splunk.
• Team Lead
• Deployment and implementation of multiple forwarders and device integrations
• Administration of existing setup of Splunk SIEM architecture with upgradation and finetuning activities
• Managing Splunk customers.
• Splunk Core Certified Admin.

Responsibilities

• Responsible for the SIEM management and upkeep
• Content development & management
• Operations management & troubleshooting of UBA Solution
• Operations management & troubleshooting of SOAR Solution
• SOAR playbook development for end-to-end automation
• Analyse network traffic using enterprise tools (e.g., SIEM, Full PCAP, Firewall, Proxy logs, IDS logs, etc).
• Analysis network monitoring, including IPS, WAF, PCAP, and NetFlow tools.
• Incident Escalation management
• Splunk Implementation, Integration, Fine-tuning, and administration.
• Splunk Content Development (filters, queries, variables, trends, reports, saved searches, etc.)
• Device Integration or configure log event sources with Splunk SIEM
• Verifying or conducting log collection failover scenarios
• As-Built Documentation
• Perform Triaging, false positive removal, and incident response.
• Coordinating with teams and resolving unsolved incidents.
• Hands-on experience in Incident Response activities like Malware analysis
• Work with vendor partners to monitor security products for evidence of unauthorized activities or violations of the organization's security policies, standards, and procedures and report incidents and violations to management.
• Develop, implement, and execute control activities to ensure that security products, processes, and procedures work as intended; remediate any detected deficiencies.
• Work with customer to track the overall SOC maturity process