Work closely with the SOC team and be responsible for incident detection, triage, analysis, response and resolution.
Daily health check of multi-vendor security devices and action according to the requirements.
Analysis of and response to device monitoring alerts/tickets.
Support the incident response team during major security incidents with advanced investigation skills.
Handle L2 and above level technical escalations from the L1 Operations team and resolve them within SLA.
Fine-tune existing SIEM use cases to reduce false positives.
Periodic security rule review and suggestions for continuous improvement of client security posture.
Escalation handling, reporting and resolutions within SLA.
Preparation and walkthrough of the daily, weekly, and monthly reports to the customer/stakeholders.
Ready to work in a 24x7 rotational shift model, including night shifts.
Incorporate and follow all change management processes and procedures as outlined by the customer.
Participate in security and vulnerability risk assessments of the enterprise firewall environment.
Identify process and technology gaps and drive them to closure.
Explore different technologies available in the security industry.
Coordination with different stakeholders for closure of SR/CR/IN.
Coordination with internal customers on their security-related problems and providing solutions.
Create and manage various KEDBs, SOPs, runbooks, the asset inventory with risk classification, critical application flow diagrams, network flow diagrams, and the privileged user list.
Continually improve upon skills and the ability to learn new technologies.
Mentor and monitor L1 team members for their daily activities.
Provide KT and required training to other team members.
Who you are: Cloud and Infrastructure Security Operations Delivery.
What you'll do: Support multiple customers using multi-vendor security technologies by securing their day-to-day business delivery.