Monitor security alerts and logs from various platforms such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection System/Intrusion Prevention System), firewalls, and endpoint protection systems to detect malicious activities.
Perform initial analysis and investigation of security alerts to differentiate false positives from genuine threats.
Escalate incidents to higher-level SOC analysts/engineers as per the escalation procedures.
Document and report on incident findings and actions taken in a clear and concise manner.
Participate in developing incident response plans and procedures.
Assist in the maintenance and fine-tuning of security monitoring tools to improve detection capabilities.
Stay updated with the latest security news, vulnerabilities, threats, and technology trends.
Participate in knowledge sharing with other team members to contribute to the SOC's collective intelligence.
Experience
Installation, configuration and troubleshooting of firewalls, WAFs, proxies and SIEM
Knowledge of configuring and deploying firewalls such as FortiGate, GajShield, Cyberoam, SonicWall and Check Point
Knowledge of configuring and deploying a SIEM to centralise security logging from network devices and applications
Configuration and troubleshooting of VPNs, including IPsec (site-to-site and remote-access) and SSL VPN
Configuration and troubleshooting of endpoint security for data loss prevention and web security controls, such as McAfee ePO and Seqrite
Security certification such as CISA, CEH, CISSP, CISM or CRISC (any one)