L3 Security Analyst

Halian

Doha, Qatar

Ref: NP559-306

Job description / Role

Employment: Full Time

Responsibilities

Primary (IR and VAPT)
• Own L3 incident response (IR) operations.
• Coordinate with the Systems, Application and Network teams to onboard devices to the monitoring platform and log server.
• Help the L2 vendor SOC team with access issues, VM provisioning and log collection issues.
• Receive L3 tickets from the L2 vendor SOC team and the Government SOC team, and mitigate the security incidents they report.
• Create and assign tickets in the internal ticketing system (BMC Remedy).
• Manage the EDR platform.
• Work unsupervised, interacting directly with the vendor SOC and the Government SOC.
• Interface with the Systems, Network and Application teams to resolve incidents.
• Work closely with the Helpdesk team to mitigate incidents in the school network.
• Correlate activity across networks to identify trends of unauthorized use.
• Analyze Windows and Linux systems to identify Indicators of Compromise (IOCs).
• Research emerging threats and vulnerabilities to aid in the resolution of incidents.
• Conduct triage, event correlation, classification and analysis of events so that incidents are investigated and logged, or followed up, using the existing information risk incident management processes.
• Provide proactive feedback that improves the current L0/L1 monitoring rules.
• Conduct vulnerability assessments using open-source tools and Qualys.
• Act on VAPT assessment results and remediate the findings.

Ad-Hoc
• Act as the expert member supporting the Systems and Network teams, working with vendor or open-source tools, vendor support, threat intelligence platforms and forums.
• Whitelist websites based on business need.
• Re-classify and analyze false positives raised by antivirus tools.
• Fine-tune policies on antivirus clients, firewalls and cloud email tools, and check their efficacy.
• Analyze application and website categories and risk.
• Integrate threat intelligence feeds (Q-CERT, MOI, vendor) with security tools.
• Routinely check protection status on hosts and services.
• Work closely with security vendors on integration troubleshooting and upgrades.

General
• React quickly and decisively in high-stress, high-impact situations.
• Follow ITSM and SOC processes.
• Keep a record of all activities and keep the operations guide up to date.
• Produce incident reports for major incidents.

Requirements

• Minimum 7 years of experience working in a SOC environment.
• Able to take responsibility for all L3 incident response operations.
• Experience with SIEM tools, specifically Splunk.
• Experience with network and host forensics, packet analysis and NetFlow analysis.
• Experience in vulnerability assessment and threat intelligence.
• Preferred certifications: SANS GCIH, CISSP.
• Must be available to start within one month.

About the Company

Founded in 1996, Halian is an IT services company with a strong track record of delivering value for its customers across the UK, Europe, the Middle East and Africa.

The experience we have gained means that we can help our clients reduce information technology costs, increase IT systems performance, and free up valuable internal resources to focus on core business activities. Our knowledge base covers a variety of industry sectors including Government, Healthcare, Telecommunications and Pharmaceuticals, as well as a specialist Financial Markets capability in our Luxembourg office.

We operate with a culture of openness and trust that helps us to develop strong working relationships with our clients and with our core technology partners Dell, Oracle, Red Hat and Symantec.

Our three key service offerings of Managed Services, Resourcing Services and Professional Services can be used independently or integrated to provide a truly comprehensive service.
