Senior SOC Engineer
Bengaluru - AGS
Alcon
Our mission is to provide innovative vision products that enhance quality of life by helping people see better. From vision research to eye health, learn more at Alcon.com.
Job Description: SOC L3 (Level 3)
The Alcon Security Operations Center (SOC) is responsible for monitoring, detecting, analyzing, and performing incident response to cyber threats against Alcon applications, platforms, networks, and information. The environment includes local area networks/wide area networks (LAN/WAN), Internet connections, public facing services & websites, wireless, mobile/cellular, cloud-based applications, and services (IaaS, PaaS, SaaS), security devices, servers, end-user workstations and laptops, production manufacturing, and various other 3rd party connections & services.
Duties include:
- Administer and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents effectively.
- Configure and customize SIEM rules, alerts, dashboards, and reports to meet the organization's security requirements and compliance standards.
- Perform regular health checks, tuning, and optimization of SIEM infrastructure to ensure optimal performance and maximum effectiveness.
- Monitor SIEM logs and alerts, investigate security incidents, and provide expert-level analysis and response to security events.
- Collaborate with SOC (Security Operations Center) analysts to triage, prioritize, and escalate security incidents based on severity and impact.
- Conduct regular SIEM platform upgrades, patches, and version migrations, following best practices and change management processes.
- Develop and maintain SIEM documentation, including configuration guides, standard operating procedures (SOPs), and knowledge base articles.
- Provide mentorship and training to junior team members and SOC analysts on SIEM administration best practices and techniques.
- Coordinate with vendors and internal stakeholders for SIEM platform integrations, upgrades, and troubleshooting as needed.
- Stay current with emerging SIEM technologies, trends, and threats, and make recommendations for continuous improvement of the SIEM environment.
- Implement and manage Data Loss Prevention (DLP) solutions to safeguard sensitive data and prevent unauthorized data exfiltration.
- Administer Endpoint Detection & Response (EDR) systems to detect, investigate, and remediate security threats on endpoints.
- Configure and maintain Security Orchestration and Automation (SOAR) platforms to streamline security operations and automate response actions.
- Monitor and manage Intrusion Detection/Prevention Systems (IDS/IPS) to detect and prevent malicious activities and network intrusions.
- Provide support for ARMIS platform, focusing on troubleshooting and issue resolution, while collaborating with SOC analysts for effective incident response.
- Utilize ServiceNow for case management, including ticket creation, tracking, and resolution of security-related incidents and requests.
- Ensure the security of cloud environments by implementing and managing cloud security solutions and best practices.
- Offer support for Saviynt platform, assisting with user access management, identity governance, and compliance requirements.
- Provide assistance for Site Manager and Zscaler platforms, focusing on support activities and issue resolution as needed.
- Act as a point of escalation for L1 & L2 engineers in support of investigations.
Required Education and Skills:
- Bachelor of Science from an accredited institution.
- Strong knowledge of incident management, problem management and change management best practices.
- Superior communication skills and ability to brief senior government officials.
- 7+ years of Information Security / Cybersecurity experience.
Desired Skills and Certifications
- Experience with networking and telecommunications integration, design, and architecture.
- Hold at least two relevant industry certifications (GCIH, GCED, CISSP, CEH, GMON etc.)
- Understanding of SIEM tools such as Splunk, FireEye Helix, ArcSight, Microsoft Sentinel, McAfee Nitro, etc.
- Experience building and maintaining a high-performance team of analysts.
- Expertise with industry standard frameworks (ISO, NIST, PCI).
- Experience maintaining metrics and SLAs.
- Self-starter, able to handle platforms independently.
Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.