Experience/ Qualifications

• 1-4 years of working experience in a security operations centre.

• Strong knowledge of incident management, and change management best practices

• A high level understanding of multi-tiered applications, load balancing and firewalls.

• Hands on experience of either network security, intrusion prevention system, System information and event management (SIEM), integrating servers/ devices/ application with SIEM, co-relation rules creation is desirable.

• Knowledge of WAF, PIM, DAM and Vulnerability assessments would be an added advantage

• Awareness of threat intelligence feeds utilized to publish security advisories from various external intelligence parties is desirable.

Responsibilities

• Incident Management for Security Operations Center.

• Review alerts raised by the SIEM, analyze the events and classify them

• Ensure tickets are logged in the IT ticketing system

• Follow up on closure of the tickets with the relevant stakeholders.

• Report on exceptions, highlight delays in incident closure

• Assist in developing SOC vision, align to business, and build a roadmap to achieve it. Publish security advisories obtained from 3rd Party intelligence sources.

• Maintain Inventory of use cases in production in liason with the SIEM administration team.

• Ensure that all servers, key applications, networking devices, security devices are integrated to SOC.

• Ensure that all attacks on RBI information system are detected and managed

• Willing to work in 24/7 operation