Team Lead, Information Security Operations

POSITION SUMMARY: 
Security operations team is responsible for ensuring that the Confidentiality, Integrity, and availability of the organization is not impacted. In this role, individual is expected to develop and maintain a robust SIEM infrastructure, PAM, Alert monitoring, and Incident Management. The monitoring of the known and unknown threats is directly proportional to the strength of the SIEM monitoring system. The individual is expected to review and monitor different monitoring alarms and provide recommendations for adequate monitoring and response. The individual is also expected to carry out Cyber Investigations and assess use of analytics for threat assessments. Extensive interfacing with MSP and stakeholders across IT and Business is expected to gather information, perform gap assessments, and streamline activities as and when required. Individual is expected to have experience in managing external and internal audits and ensure adherence to client and regulatory requirements in line with organizational policies. The individual is also expected to good knowledge in Cloud Security (AWS)

JOB FUNCTIONS AND RESPONSIBILITIES

•    Develop and enhance SIEM rules, use-cases, log source integration, log parsing, queries, dashboards, channels and custom rules.
•    Provide support to configure, analyze, and remediate issues on the SIEM.
•    Investigate suspicious activities, contain, and prevent them. Correlate and validate alerts. Analyze these events within the network environment of the business, and coordinate response activities with key staff in real time.
•    Investigate security breaches and other cybersecurity incidents. Document security breaches and assess the damage they cause.
•    Possess a firm understanding of the security offerings and capabilities in AWS, Google cloud and Azure. Maintain a robust Cloud security posture with continuous assessment and monitoring of the environment
•    Working or deployment knowledge of Privilege access management tool like CyberArk or BeyondTrust    
•    Understanding of security technologies including Anti-Malware, EDR, Web Security, IPS/IDS, Firewalls, Threat Intelligence etc.
•    Assist the junior team members with Advanced analysis of alerts from various security tools.
•    Lead the incident management process to ensure a secure environment.
•    Act as an escalation contact for MSP.
•    Experience in network security will be an added advantage
•    Stay up to date with the latest threats, attack vectors and countermeasures

EDUCATION / EXPERIENCE

•    Bachelor’s degree from an accredited college / university with basic knowledge of Information Security. 
•    Keen to learn the security technologies and how security operates.
•    Keen on entering the information security world and developing oneself in that direction.
•    7-9 years of progressive experience in SIEM Implementation/Administration, Alert Monitoring and Incident Management.
•    Hands-on experience with Rapid 7 SIEM will be an added advantage.
•    Bachelor’s degree from an accredited college / university. Management degrees MS, M. Tech or MBA in relevant field would be an added advantage.
•    Preferred Certification: 
o    Any SIEM certification will be an added advantage
o    Certified Ethical Hacker (CEH)
•    Demonstrated experience in conducting security investigations

WORK SCHEDULE OR TRAVEL REQUIREMENTS 

2 PM to 11 PM / 5 PM to 2 AM. No travel.