Experience and Skillsets required:
- At least 3-5 years' experience of cyber security / security operations in a global organisation
- Must have prior experience in a SOC, investigating security incidents and performing root cause analysis (RCA) of such incidents.
- Must be used to operating within SLAs across different incident types, including response times and remediation times
- Should have experience in threat hunting across multiple environments - Cloud and on-premise
- Must have prior experience with at least 3-4 tools, such as Tripwire, CyberArk, Symantec DCSA, email gateways, EDR, Tufin or any other firewall audit tool.
- Experience with penetration testing tools and vulnerability management, such as Nessus, Rapid7, Kali Linux, NMAP, OWASP ZAP, Burp Suite etc.
- Must have experience in using SIEM products such as QRadar, LogRhythm, AlienVault, Sentinel, Accenture MSS etc., creating advanced correlation rules, SIEM administration, system hardening, and vulnerability assessments
- Should have a clear understanding of networking concepts.
- Must have good knowledge of firewall rule-base analysis and be able to suggest remediation based on the findings. Should have expertise in TCP/IP network traffic and event log analysis.
- Should be able to handle all security alerts: review the alerts and respond accordingly. This involves working with different groups and ensuring that all alerts are closed in a timely manner. Must have detailed analytical skills and be able to translate findings into clear and understandable insights.
- Should be able to contribute to the threat intelligence and brand monitoring process, which involves researching and reporting on newly identified vulnerabilities in the wild and understanding their implications for Travelex infrastructure.
- Should have basic working knowledge on firewalls, IDS/IPS.
- Should have experience in managing security incidents/breaches and performing investigations/reporting as required.
- Ability to find opportunities for automating repeatable tasks in order to focus on value-adding activities.
- Strong knowledge of information security concepts (e.g. operating system security, CVSS scores, malware/viruses/trojans, cryptography, vulnerabilities, secure/insecure ports and services etc.)
- Must keep abreast of Cyber Security trends, attack types, risks, and intelligence.
- Must have experience in writing and maintaining SOPs
Required
- More than 3 years of experience in a Security Operations Center (SOC)
- Experience in SIEM (QRadar) integration
- Security Incident analysis and investigation
- Good understanding of AWS cloud