SIEM or SOC Analyst
- Full Time / Part Time: Full Time
Resillion is a global company with end-to-end capabilities, whatever your industry, geographical location, or stage in your digital journey. With offices in North America, Europe, and Asia, Resillion will be by your side, helping you and your organization realize your ambitions in cyber security, testing of digital media content, and quality assurance.
Whether the work is testing, certification, (software) development, cyber security, or data protection, the experts at Resillion do whatever it takes. We work as long and hard as necessary to get you to market.
SOC Analyst or SIEM Analyst
Experience Range: 2+ Years
Location: Bangalore / Remote
- Analyse security incidents to identify their root cause.
- Investigate, document, and report on information security issues and emerging trends.
- Analyse Threat Intelligence sources for proactive identification of emerging threats.
- Participate in evaluating the security of monitored infrastructure systems and take part in recommending additional security solutions where appropriate.
- Participate in improving internal incident response processes.
- Assist with the creation and maintenance of Playbooks and Runbooks.
- Recommend enhancements to SOC security processes, procedures, and policies.
- Provide vulnerability management and monitoring services to customers using vulnerability scanning tools.
- Integrate and share information with other analysts and other teams.
- Develop and coach L1 SOC analysts and assist them in building stronger skills.
- Assist with reporting and documentation work as needed.
Required skills and qualifications
- Security monitoring experience with one or more SIEM technologies, preferably Microsoft Sentinel and/or Elastic (ELK).
- Tuning of the SIEM environment and creation of additional monitoring (detection) rules.
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols.
- Strong understanding of Windows, Linux and cloud technologies.
- Good understanding of security solutions including SIEMs, web proxies, anti-virus, firewalls, VPNs, authentication providers and mechanisms, encryption, and IPS/IDS.
- Good understanding of security incident management, malware management and vulnerability management processes.
- Attention to detail and quality.
Desirable skills and qualifications
- AZ-500 (Microsoft Azure Security Technologies) and/or SC-200 (Microsoft Security Operations Analyst) certification
- Knowledge of Microsoft Kusto Query Language (KQL)
- Knowledge of CrowdStrike Falcon
- Prior experience handling or managing cyber incident response in line with NIST guidance
- Familiarity with ITIL practices for incident, problem, and change management