-Very good knowledge on SOAR and Python for implementation, Playbook creation and platform. To carter any technical question from clients and drive implementation and operations BAU's for SOAR
- Take end-to-end responsibility to manage / resolve L3 level incidents, customer concerns, soc operation for customer.
- Take full accountability of incidents related to SOAR and pertaining to SOC operations
- Work on documentation of SOPs and RCA's
- Good knowledge on IOA's, Incident response, and Playbooks
- Good to have knowledge on scripting, Python.
- Act as coach and mentor to junior Operations/Implementation Engineers and Technicians
- Co-ordinate with Specialist / Lead to resolve complex problems
- Take ownership of at least 2 technologies according to domain or specialization
- Support Specialist / Sr. Specialist in effective execution of the project
- Perform skills gap analysis and upskill team members wherever needed
- Maintain strong relationship with all proejct stakeholders
- Be the immediate contact person for the client
- Create and maintain SOP documents.
- Deliver technical tasks of complex nature as per the timelines assigned
- Maintain activity log, SLA details and other critical information necessary for the smoother execution of project
- Resolve all technical issues / queries which are assigned / esclated
- Partner with other cross-functional teams and client teams to provide effective resolution
- Guide and share information with other analysts and teams
- Use case creation, content development, playbook creation and automation with APIʼs will be added advantage.
- Automation of all L1 & L2 activities,
- Single point of contact to the client stakeholders
- Improvise threat hunting capabilities of the technology using Automation
Continuous development of analytical, statistical, mathematical models leveraging AI/ML capabilities of the
technology to threat detection and prediction capabilities and put in place advanced use cases
- Continuous fine tuning of configuration, rules, policies etc. Continuous innovation and automations in intuitive dashboards, report, queries.
- Optimization of response time to fetch data, logs in advanced queries, reports, dashboards etc.
- Provide on the job training to the client and the team.
- Participate in client meetings, discussions etc.
- Interfacing with senior management,
- Establishing communications with appropriate team members and business units, providing status updates
Reporting, tracking, monitoring, and closing out incident response issues with proper RCA.
- Interacting with internal business units to address incidents and support investigations.
- Being the focal point for critical security events and incidents. The incident handler will serve as an SME while providing recommendations and guidance to the respective business units and to the SOC lead for escalation and remediation.
- Handling, responding, and documenting all events or incidents that require escalation from
level 2 or level 1 analysts.
- Leading efforts in monitoring, reporting, and responding to information security incidents. Based upon external threat indicators, industry trends, and lessons learned, the incident handler recommends controls and process improvements.
- Being responsible for facilitating incident management team exercises and events
- Above is illustrative list of general activities. Technology specific activities shall be arrived at in consultation with the Client Project Manager.
