Senior Security Analyst/SOC Lead
As a Senior Security Analyst, you will be responsible for various security operations tasks such as configuring and executing changes on security controls and technologies, triaging security incidents and following up on remediation activities. If you thrive in a dynamic and collaborative workplace, have a passion for cyber security and are eager to continuously learn and develop your technical skills, IBM provides you with an environment where you will be challenged and inspired to grow every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here.
Responsibilities
• Analyze events, flows and alerts, and perform advanced analysis of potential security incidents
• Correlate events and find tuning opportunities to maintain a healthy environment on the customer's console
• Work with customers during crisis times to help mitigate the crisis and improve the client's security posture so that the crisis does not recur
• Make recommendations to clients about increasing security
• Analyze traffic trends across customer base for large trends
• Report Security Events and make customer escalations based on traffic analysis
• Work with client to help remediate and answer questions regarding security events
• Identify trends in traffic and make recommendations to clients based on trends
• Develop and deliver customer presentations regarding security and enhancing their security posture
• Work with Vendors and R&D teams to address new threats
• Stay abreast of current and upcoming threats
• Participate in regular meetings with teams to determine the appropriate actions required to address new and developing security threats
• Participate in client calls to tune security policy to client needs
• Design and implement SIEM use cases, reports and dashboards
• Follow up on remediation actions for security incidents
• Configure and manage endpoint security technologies, including next-generation EPP, EDR and deception
Must have
• At least 3 years of experience in network troubleshooting
• At least 2 years of experience in intrusion detection/prevention
• At least 3 years of experience with operating systems
• At least 3 years of experience in analyzing security events and incidents
• At least 2 years of experience with QRadar SIEM
• At least 3 years of experience in the operation of security controls
• Working knowledge of systems communications from OSI Layer 1 to 7, and experience in identifying and implementing security controls at each of the layers
• In-depth working knowledge of TCP/IP, protocols and packet analysis
• Strong knowledge of threat areas and common attack vectors
• Scripting or automation knowledge is desirable
• A problem-solver mentality with a can-do attitude
• An ambitious individual who is passionate about all things technical and is always eager to learn and improve their skills
Must have certifications
• GCIA certification
• CySA+ certification
Additional certifications preferred to have
• CISSP
• Security+
• CEH
• CCNA or any other network certification