Security Consultant: SOAR

Job Responsibilities

• Experience in advance investigation, triaging, analysis and escalation of security incidents with recommendations
• Hands-on basic experience with configurations and management of SIEM tools(Qradar) including log source integrations, custom parser built, fine tuning and optimizing the correlation rules and use cases recommendations Is MUST.
• Proven Experience on any of the Security information and event management (SIEM) tools using Qradar
• Data-driven threat hunting using SIEM, EDR and XDR tools
• Basic Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR
• Identify quick defence techniques till permanent resolution.
• Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
• Playbook developer
• Review incidents escalated by Level 1 analysts.
• Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts.
• Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies end users when appropriate.
• Identify the gaps in security environment & suggest the gap closure
• Drive & Support Change Management
• Report Generation and Trend Analysis. Participate in the Weekly and Monthly governance calls to support the SOC metrics reporting
• Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc.
• Willing to work in 24x7 rotational shift model including night shift.