Assistant Manager - Customer Security Operations

Date: 19 Apr 2024

Location: Mumbai, India

Company: Tata Communications

Job Family Descriptor

Manage customer queries related to all services and solutions delivered, including diagnosing, resolving and fixing complex customer issues. Act as a conduit between the customer and other teams (engineering, architecture, etc.) for issue resolution. Provide L2/L3 support to resolve hardware/software issues by applying technical expertise.

Roles/Responsibilities

  • Extensive experience of LogRhythm SIEM/EDR implementation and administration
  • Must have a good understanding of SOAR, UEBA and EDR technologies, and of threat intelligence platforms, anti-phishing, anti-malware, NBAD, etc.
  • Responsible for conducting information security investigations arising from security incidents identified by the Level 1 security analysts who monitor the security consoles across the various SOC entry channels (SIEM, tickets, email and phone).
  • Act as the point of escalation for Level 1 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques.
  • Experience developing new correlation rules and writing log parsers
  • Experience in log source integration
  • Act as the lead coordinator for individual information security incidents.
  • Mentor security analysts on risk management, information security controls, incident analysis, incident response, SIEM monitoring and other operational tasks (tools, techniques, procedures) in support of the technologies managed by the Security Operations Center.
  • Document incidents from initial detection through final resolution.
  • Coordinate with the OEM wherever required
  • Escalate incidents to the next level where required
  • Participate in and manage the security incident management and vulnerability management processes.
  • Coordinate with IT teams on escalations, tracking, performance issues and outages.
  • Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
  • Communicate effectively with customers, teammates and management.
  • Perform in-depth incident and event analysis.
  • Prepare monthly executive summary reports for managed clients and continuously improve their content and presentation.
  • Provide recommendations on tuning and optimization of security systems and of SOC security processes, procedures and policies.
  • Define, create and maintain SIEM correlation rules, customer build documents, and security processes and procedures.
  • Follow ITIL practices for incident, problem and change management.
  • Stay up to date with emerging security threats, including applicable regulatory security requirements.
  • Maintain an inventory of the procedures used by the SOC, regularly evaluate them, and add, remove and update procedures as appropriate.
  • Publish weekly reports to applicable teams
  • Generate monthly reports on SOC activity
  • Secondary skills such as AV, HIPS, DCS and VA/PT are desirable.
  • Conduct research on emerging security threats.
  • Modify Standard Operating Procedures (SOPs) and training documentation.
  • Coach junior team members.
  • Report and provide information to the L3 engineer.
  • Log incidents and track them via the incident management tool (ManageEngine).
  • Have a solid understanding of enterprise environments, including networking, web services, databases, operating systems, etc.
  • Experience with threat intelligence platforms such as Cyble (deep and dark web monitoring) and IZOOlogic (brand protection), or similar intel platforms; anti-phishing and anti-malware.
  • Ensure SLAs are achieved and work proactively to maintain them.
  • Keep track of the latest threats and vulnerabilities.
  • Minimum 6 years' experience in a security analysis role; experience in the BFSI vertical is an added advantage.

Minimum qualification & experience

Education Qualification – Any Graduation/Intermediate/ Diploma with minimum 60%

Certification – Any one of CISSP/CEH/CCIE. A LogRhythm SIEM or Check Point technical certification is an added advantage.
