Position: SOC Lead - MDR (SOC)
Experience Range: 6+ years
Key Responsibilities
- Ensure all threats in the customer environment are detected and notified in a timely manner.
- Ensure customer deliverables are provided as per the agreed service level agreements.
- Understand customer requirements and translate them into service outputs.
- Keep track of scope and scope deviations, and of scheduled and ad hoc deliverables.
- Work with the platform administration function to ensure integration of new devices and the health of the monitoring infrastructure.
- Ensure threat scenarios and operating procedures are in line with best practices and customer expectations.
- Strong analytical and technical skills in computer network defence operations.
- Incident handling (detection, analysis, triage).
- Hunting (anomalous pattern detection and content management).
- Prior experience investigating security events.
- Should be able to distinguish incidents from non-incidents.
- Working knowledge of
o operating systems
o network technologies (firewall, proxy, DNS, Netflow)
o Active Directory
o Network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.)
o Common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
- Identify gaps and proactively fix what is committed vs. delivered:
o Monitoring in-scope log sources is crucial to SOC operations. The SOC Lead should ensure governance and validity of in-scope/out-of-scope log sources.
o Ensure that each log source has use cases and hunting models, and that no threat detection aspect is missed.
o Gap analysis based on customer domain, business applications, technology deployed, etc.
- SPOC (single point of contact): response to client problems/requirements:
o First response to customer queries and complete ownership until the query is addressed.
o Log source integration/decommissioning, etc.
o Coordinating with other internal units within Atos for timely response to the client.
- Show the value/benefits of the delivery (MDR) during MIS/QBR meetings:
o Timely closure of operational tasks.
o Articulate SOC value add, proactive threat detection, new feature releases, etc. in MIS/QBR meetings.
The candidates should have:
- Minimum 6 years' total experience, with at least 3 years in a security operations environment
- Minimum 2 years' experience managing a team
- Minimum 2 years' experience in client-facing roles
- Good understanding of SIEM SOC concepts and operations
- Clear technical and operational understanding of areas worked in
- Good verbal & written communication skills
Qualification:
- Engineering graduate – preferably B.E./B.Tech in I.T. or Computer Engineering
- One certification preferred – CCNA or CEH
Work Schedule: General Shifts