Job Responsibilities:
Actively research and stay updated on the latest cyberattacks, TTPs, threat actors and vulnerabilities, and use this knowledge to perform proactive threat hunting in customer environments.
Understand customer environments to develop monitoring use cases based on industry, targeted attacks, vulnerabilities, attack vectors, threat landscape, TTPs, etc.
Develop identification and documentation of Indicators of Compromise (IOCs).
Perform malware reverse engineering on detected malware files to investigate and identify their potential entry points.
Perform forensic analysis and investigations leveraging SOC solutions and provide evidence in case of breaches.
Handle security incident tickets escalated by the Level II team, and draft security incident reports covering the root cause, forensic evidence, and recommended mitigation plans.
Strong understanding of the MITRE ATT&CK framework, and ability to operationalize it for day-to-day SecOps activities, developing tactics, techniques and procedures (TTPs) for security analysis and threat hunting.
Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
Identify gaps in existing SOC processes and work with team members or other departments to create or modify standard operating procedures and to automate mundane daily operational activities, ensuring operations run efficiently.
Enable regional security analysts to deliver seamless local support by developing SOC playbooks and a relevant, sufficient knowledge base.
Lead regional security analysts in handling incidents, customer escalations and requests, and SLA (Service Level Agreement) requirements.
Required Qualifications - Essential
Candidate should have at least 5 years of working experience in SOC and MSS environments.
Bachelor's degree in computer engineering, Computer Science, Cyber Security, Information Security, or other equivalents.
Experience in malware analysis for Windows and Linux/Mac.
Excellent hands-on experience implementing and performing incident analysis with IBM QRadar and Azure Sentinel SIEM (Security Information and Event Management) technologies.
Hands-on experience with any Endpoint Protection (EPP) or Endpoint Detection and Response (EDR) technology; CrowdStrike or Microsoft Defender preferred.
Hands-on experience with SOAR (Security Orchestration, Automation, and Response) technologies.
Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.
Good understanding of Windows and Linux environments, well versed in basic Linux commands and troubleshooting, with proven Unix (Solaris, Linux, BSD) experience.
Knowledge of any shell scripting language and experience applying it to automate mundane operations tasks.
Candidate should have at least one SANS certification; GCIH preferred.
Good understanding of basic network concepts; exposure to cloud technologies is an advantage.
Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL (Information Technology Infrastructure Library) standards.
Excellent English communication skills (verbal and written) combined with professional telephone manner.
Desirable
Hands-on experience performing vulnerability assessments and presenting findings to customer business teams is an advantage.
Experience in penetration testing and report drafting.
Experience in forensics and incident response.
Experience leading a team of security analysts, developing SOC standard operating procedures and developing threat intel feeds.
Experience with security standards such as ISO 27001:2013, NIST (National Institute of Standards and Technology), CIS, etc.
As part of any recruitment process, we collect and process personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations. By applying to this post and sending us your resume, you agree to the collection, use and/or disclosure of your personal data in the manner set out in our Data Protection Notice for Job Applicants, which can be found
Logicalis is committed to protecting your privacy.
Click below to view the data protection notice.
https://ap.logicalis.com/sites/default/files/2022-10/PIMS-A7.3-01%20Attachment%20I%20DP%20Notice%20for%20Job%20Applicants_updated9sept22.pdf
Posting code: #LI-JC1
Job ID: 126529989