JOB DESCRIPTION

As part of the AiCyberwatch SOC team, the L3 Analyst/SOC Manager will play a key role in our continued growth. AiCyberwatch is currently seeking experienced SOC analysts to help us manage our growing business. We are seeking candidates with proven skills in SOC operations who have a desire to continuously learn & grow in the fast-growing field of cyber security.

AiCyberwatch is a Strategic Business Unit of NGBPS LIMITED, a closely held Public Limited Company incorporated in the year 1995. The Company has deployed North India's first ANSI/TIA-942, Tier-3 Certified Data Center and has an advanced Cloud Platform, set up in association with HP, offering Data Center Co-location and Cloud Computing Services under the name and sign of Netdatavault.

AiCyberwatch offers an AI- and ML-enabled Security Operations Center as a Service (SOC), in partnership with world leaders, providing Cyber Security Services to Enterprises across India, Asia, the US and the Middle East. Additionally, we provide DLP, PIM, PAM, VPN, AV & Patch management services, etc.

The L3 Analyst/SOC Manager will drive regular operations, continuous improvement processes & ongoing client/vendor interactions. The individual will also be responsible for building & grooming teams in the long run. This opportunity is for experienced professionals with a strong passion for helping firms improve their cyber security posture. The person receives incidents escalated from L2, manages the most complex findings and works towards remediation of the incidents found. He/she continuously operates the Security Incident process, driving the resolution of identified issues as part of the team, bringing the necessary experience and expertise above the existing L2 SOC level.

Desired Skills and Experience

  • Master's degree (preferred) with 8-10 years of experience in SOC operations
  • Strong communication skills, both written and oral; should be able to communicate effectively with
    internal teams & external stakeholders.
  • Should have experience working with mid-size & large enterprise clients
  • Good understanding of ITIL processes, including Change Management, Incident Management and
    Problem Management
  • Should have strong expertise in multiple SIEM tools & other devices found in a SOC environment
  • Should have good knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc.
  • Good understanding of raw log formats of various security devices such as Proxy, Firewall, IDS/IPS,
    DNS
  • Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network
    topologies)
  • Should possess relevant certifications like CEH, CISA, CISM etc.
  • A strong work ethic with good time management skills
  • Coachability; you’re interested in implementing feedback and dedicated to consistent improvement
    of your craft.
  • Ability to mentor and encourage junior teammates in order to build a cohesive, motivated unit
  • Be the key person for developing Thought Leadership within the SOC

Location – Mumbai/Delhi NCR

Key Duties & Responsibilities

  • Review cyber security events analyzed by level 2 security analysts and act as team lead and
    escalation point for detection, response and remediation activities
  • Monitor and guide the team in triaging cyber security events, prioritizing and
    recommending/performing the response measures
  • Provide technical support to various IT teams in response and remediation activities for
    cyber security events/incidents escalated by L2 analysts and stakeholders
  • Follow up on cyber security incident tickets until closure
  • Provide guidance to L1 and L2 analysts in analyzing events and response activities
  • Intervene and expedite cyber incident response and remediation activities in case of any
    delay, coordinating with the various teams and L1/L2 team members.
  • Review and provide valuable suggestions during the preparation of information security policies
    and best practices in client environments.
  • Ensure SLAs and contractual requirements are met in a timely manner, while communicating
    effectively with all stakeholders
  • Review daily/weekly/monthly dashboard reports and share them with relevant stakeholders
  • Review all documents and update playbooks and other standard operating procedures
  • Validate client systems and IT infrastructure documentation and ensure all are kept up to date
  • Share knowledge with team members on current security threats/trends in attack patterns and
    tools
  • Review/create new use cases based on new attack trends
  • Event analysis: ability to understand and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. Ability to pivot between events and correlate host and network events. Understanding of Windows and UNIX event logs must be sufficient to create correlation searches for Windows and Linux events.