Lead - SOC & Blue Teaming

Reporting Structure

Reports to Senior Cyber Security Architect

Job Location

Hyderabad – WFO (5 Days)

Education

·       University bachelor’s degree with specialisation in the field of computer Science/IT or Engineering Graduate/PG in CS/EXTC/IT Allied branches or B. Tech or BCA (Informatics, Engineering, Networking, Cyber Security)

•          Overall 6-8 years of experience and relevant experience of 4 - 6 years in the field of information security operations, Information System experience implementing security measures for sensitive financial data and transactions, preferably within the financial or banking sector.

•          Exposure to the Banking / Finance / Payment industry domains would be preferrable.

•          Hands-on experience in the following areas:

•          Writing Information security policies, procedures, and processes.

•          Conducting risk assessment covering Cyber Security domains as noted below:

•          Handon experience for detection, prevention, and remediation of increasing sophistication of attacks and adversaries.

•          Evaluating all present issues through cybersecurity audit.

•          Educating security teams on new security controls.

•          Configuring firewalls and user restrictions.

•          Integrating incident management systems.

•          Automating security processes and network security.

•          Conducting hardening techniques.

•          Developing a defensive strategy and protocols for incidents.

•          Regular Risk assessment Identifying and prioritizing protection resources for key assets in danger of exploitation.

•          Experience in monitoring and detection systems by using packet sniffing devices, SIEM systems, IDS, and IPS etc.

•          Threat Detection and Threat Hunting: Monitoring of indicators of compromise (IOCs) using SIEMs or EDRs and active threat search with SIEMs or EDRs.

•          Conduct simulated attacks on the organization's computer systems or physical locations

•          Identify and exploit vulnerabilities, weaknesses, and gaps in the security systems and policies.

•          Report findings and recommendations to the organization.

•          Provide feedback and training to the blue team.

•          Stay updated on the latest trends and developments in the security field.

•          Work collaboratively with other red team members and clients.

•          Excellent communication and interpersonal abilities for collaborating with technical and non-technical stakeholders.

Industry experience preferred

•          Information technology / Banking and Financial services / Cyber Security consulting firm | Product.

Role & Responsibilities

•          • Blue teams optimize security operations center (SOC) and improve event management protocols.

•          Establish the tactics, techniques, and procedures (TTPs) needed to achieve the desired security strategy.

•          Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

•          Able to execute three-step methodology to achieve those goals such as Current state, Target state and integrate.

•          Responsible to execute risk assessments to define a system's defence standards and risk exposure identifying critical vulnerabilities, demonstrating strong problem-solving and analytical skills.

•          Responsible for document the importance of each asset and define the business impact of a breach or absence.

•          Responsible for coordination with senior management, blue teamers implement any possible improvements and configurations.

•          Responsible to perform gap analysis and communicate what defensive procedures and intrusion prevention systems the business will integrate. Upon completion, monitoring tasks.

•          Responsible for automating security processes, managing incidents, and gathering threat intelligence.

•          Responsible to conduct/perform a risk assessment by identifying threats and weaknesses these threats can exploit after obtaining data and documenting what needs to be protected.

•          Responsible to perform regular maintenance, blue teams will perform DNS audits, scan internal and external networks for vulnerabilities, and capture network traffic samples.

•          Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.

•          Responsible for investigating, analyzing, and responding to network cybersecurity incidents.

•          Responsible for identifying and assessing the capabilities and activities of cybersecurity insider threats; produces findings to help initialize and support law enforcement and counterintelligence activities and investigations.

•          Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering.

•          Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.

Preferred Certifications

•          Certified SOC Analyst (CSA).

•          Blue Team Level 2 (BTL2) – Security Blue Team.

•          Certified CyberDefender (CCD).

•          GIAC Security Essentials (GSEC).

•          GIAC Security Operations Certified (GSOC).

•          GIAC Certified Detection Analyst (GCDA).

•          CompTIA CySA+ (Cybersecurity Analyst).

•          Microsoft SC-200: Security Operations Analyst Associate.

•          Certified Incident Handler (GCIH).

•          Splunk Core Certified Power User / Enterprise Security Certified Admin (for SIEM-heavy environments