Security Consultant L3

Mumbai / New Delhi

Job Description

We are looking for an experienced security professional to work as a Security Consultant in our 24×7 managed security operations center. The candidate will be responsible for incident handling and threat hunting, and will be the primary security consultant for clients as part of the Managed Detection and Response service.

Responsibilities

  • Review and analyse security events for quality and for possible escalation.
  • Follow up with customers and vendors to resolve open issues.
  • Security device administration with respect to tuning and enhancing detection capabilities.
  • Handling SOC MDR operational requirements.
  • Review and present security reports and ensure compliance with security policies and SLAs as applicable.
  • Perform in-depth analysis of events and logs to detect malicious applications and network activity and the common attack techniques that compromise hosts; detect and analyse system and network vulnerabilities; and drive continuous process improvement by discovering the root causes of incidents.
  • Work to resolve major security incidents in conjunction with the respective resolver groups. Experience configuring security information and event management (SIEM) tools, including creating event filtering and correlation rules and reports.
  • Ability to work with customer and product specialists to weed out false positives and improve the efficiency of security operations.
  • Creation of a knowledge base to be used by SOC analysts in performing their roles.
  • Development of customised use cases based on the threats applicable to client infrastructure.
  • Creation of ad-hoc reports and dashboards as per customer requirements.
  • Leading the SOC analyst/operations team.

Essential Skills

  • Knowledge and hands-on experience in the management of IDS/IPS, firewalls, VPNs and other network and security products.
  • Experience with Security Information and Event Management (SIEM) tools such as QRadar, ArcSight, LogRhythm or any other tools.
  • Creating basic and advanced correlation rules.
  • Expertise in TCP/IP network traffic and event log analysis.
  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
  • In-depth knowledge of the OSI layers, Internet Protocol and TCP/IP.
  • Ability to work independently and confidently.
  • Visio and MS presentation skills.
  • Excellent problem-solving, analytical and communication skills.
  • Solid communication skills and expertise in translating technical jargon into language familiar to the business.
  • Communicate effectively with customers, team members and management.

Additional Desired Skills

  • Strong verbal and written English communication.
  • Strong interpersonal and presentation skills.
  • Ability to work with minimal supervision.
  • Experience in vulnerability analysis and management would be an added advantage.
  • Experience in SIEM implementation and administration; experience in device management is desirable.
  • Experience in incident response and forensics.

Qualifications

  • Educational qualification: BE/MCA or a university degree.
  • Candidates should have at least 6-10 years of experience working in a SOC environment.
  • Certifications required: CEH, ECIH/CHFI.
  • Certifications desired: CCSP, GCIH, GCFA.

Location

Mumbai / New Delhi

Job Type

Full Time