Cloud Engineer III-SOC Analyst
Insight Enterprises
- Gurgaon, Haryana
- Permanent
- Full-time
- The scope of the Security Engineering Support and SOC/CFC services defined here is based on the monitoring, management, and optimization of security services within the client's environment.
- All Security Engineering Support Services and SOC/CFC defined here are delivered in English for verbal and written communication.
- All Security Engineering Support Services and SOC/CFC defined here are delivered on a 24x7x365 basis.
- The Security Engineering Support Services and SOC/CFC defined here are delivered remotely using Insight's Global Delivery Network, which includes personnel in the India, North America, Europe and Asia Pacific regions.
- Minimum 4-5 years’ experience.
- Skills: Cyber threat analysis – EDR (Carbon Black); SIEM tools – Splunk and ELK; familiarity with cloud environments; security tools – antivirus (McAfee ePO); host-based forensics on Windows (Eric Zimmerman tools, KAPE for artifact collection); malware analysis – behavior-based malware analysis; ticketing and reporting tools – Archer and ServiceNow; scripting – Python for simple scripts; log analysis; basics of network penetration testing; Wireshark. Keywords: Security, Analyst, Endpoint Security, Cyber Security, Network Security, Threat Analysis, IBM QRadar, Azure Sentinel, Palo Alto.
- Monitor and analyze data flow to identify, block and remediate malicious behavior or files for the infected host using EDR tools.
- Conduct forensic analysis, scoped to the criticality of the incident, to establish the root cause.
- Research and recommend solutions for incident response and coordinate with internal teams (IT, Engineering, Audit/Compliance, HR/Legal, threat intelligence team) to eradicate the threat.
- Proactively hunt for suspicious activities and processes on the Windows platform using an EDR tool to analyze and hunt for suspicious or malicious activity.
- Apply advanced prevention capabilities such as custom whitelisting, custom blacklisting, malware blocking, exploit blocking, and IOA-based (Indicators of Attack) prevention.
- Provide suggestions on fine-tuning existing SIEM rules and SOAR processes to improve detection accuracy and reduce false-positive alerts.
- Conduct analysis for cyber investigations of ransomware, network intrusion incident response, and Business E-Mail Compromise.
- Actively participate in large-scope high-impact cyber breaches and assist in the management of investigative workflows and activities to support response and remediation.
- Utilize industry-standard, open-source technology, and self-developed tools to execute large-scale investigations.
- Draft communications, assessments, and reports that may be both internal and customer-facing, to include leadership and executive management.
- Focus on real-time monitoring and analysis of logs from various security appliances.
- Hands-on experience with SIEM, Microsoft 365, QRadar, forensics, and Azure Sentinel SIEM tools for log monitoring and analysis.
- Knowledge of networking concepts, including OSI layers, subnetting, TCP/IP, ports, DNS, DHCP, firewall monitoring, and content filtering.
- Experience in handling and mitigating attacks involving malware, viruses, spoofing, and phishing, and in email monitoring.
- Carry out log monitoring and incident analysis for various devices such as endpoints, firewalls, IDS, IPS, databases, and web servers.
- Education: B.E/B.Tech/Graduate/