Full Job Description
Additional details
Level
P2
Requirement location
India – Bengaluru
Number of Position
1
Employment type
ML
Cluster/Group
Microland Delivery
Business Unit
RUN – HYBRID DELIVERY UNIT
Department
SOC – Tech Ops
Job Description
Job Code: ML1CYSSIMP2N

OVERALL SKILL SET FOR SIEM/SOAR
- In-depth experience of architecting and supporting on-premise and cloud-based security technologies.
- Strong security product skills, including experience of operating and supporting the following technologies:
  o Endpoint detection and response (EDR) solutions such as SentinelOne, Symantec, Tanium, TrendMicro
  o Security Information and Event Management (SIEM) solutions such as Securonix, ArcSight, QRadar, Splunk
- Knowledge and understanding of cloud security concepts, technologies and best practices, including but not limited to automation and secure containerization frameworks, directory services (e.g., Active Directory, LDAP), SSO, one-time passwords (OTP), encryption technologies and forensics.
- Knowledge of and implementation experience with cloud or on-prem security technologies, architecture and best practices, including hands-on experience hardening security environments.
- Knowledge of and implementation experience with security technologies, including but not limited to firewall (WAF or perimeter) configuration, two-factor authentication, PKI, and malware and intrusion protection and detection tools.
- Demonstrated knowledge and understanding of information security industry trends and emerging technologies, and an ability to relate them to the company and its objectives.
- Demonstrated experience with vulnerability and risk management, including performing security scans and risk assessments to identify potential vulnerabilities and tracking the remediation of findings to reduce risk.
- Demonstrated experience and understanding of cybersecurity incident management and response procedures; must demonstrate the ability to perform and respond well in crisis situations.
- Demonstrated knowledge and understanding of information security standards, guidelines and frameworks such as ISO 27001/27002, NIST, COBIT or PCI.
- Experience with maintaining compliance with regulatory and legal requirements such as GDPR and PCI.
- Familiarity with application development life cycle models and issues, especially pertaining to security components.
- Fluent in one or more programming or scripting languages such as Bash, PowerShell, Python, Tcl, Java, PHP, Perl, C++ and Visual Basic.
- Authored SOC SOPs, playbooks, work instructions and/or other process documents.
- Familiarity with Kusto Query Language (KQL), Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL), and/or regular expressions.
- Good verbal and written communication skills.
- Able to communicate security and risk implications to technical and non-technical audiences.
- Ability to work independently, managing multiple deadlines and deliverables.
- Self-motivated and driven, capable of handling problems until resolved within accepted time tolerances; anticipates problems and identifies the long-term implications of decisions and actions.
- Industry certifications (desirable): CISSP, CISM, CISA, CCNA Security, CEH/OSCP, ITIL V3 Foundation, GCIH, and product-specific certifications on SIEM, SOAR, EDR etc.

Job Requirements
- Good understanding of system security (client, server, system hardening standards); keep up to date with the latest security and technology developments.
- Research and evaluate emerging cyber security threats and ways to manage them.
- Plan for disaster recovery and create contingency plans in the event of a security breach.
- Monitor for attacks, intrusions and unusual, unauthorised or illegal activity.
- Test and evaluate security products.
- Design new security systems or upgrade existing ones.
- Fine-tune existing security monitoring systems.
- Use advanced analytic tools to determine emerging threat patterns and vulnerabilities.
- Engage in simulating security breaches.
- Identify potential weaknesses and implement measures to address them.
- Investigate security alerts and provide incident response.
- Monitor identity and access management, including monitoring for abuse of permissions by authorised system users.
- Liaise with stakeholders in relation to cyber security issues and provide future recommendations.
- Generate reports for both technical and non-technical staff and stakeholders.
- Maintain an information security risk register and assist with internal and external audits relating to information security.
- Monitor and respond to phishing emails and pharming activity.
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues.
- Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
- Ability to use email, web, network and security tools and system logs to analyse ongoing incidents, define mitigation actions and conduct investigations.
- Agile development and maintenance of automation scripts and tools to scale cybersecurity work across the organization.
- Develop custom integrations, data correlation and processing strategies to reduce cybersecurity risk.
- Collaborate with the SOC to assist in recovering from security breaches; participate in the investigation and remediation of security incidents.
- Write scripts to automate daily SOC tasks.
- Creative, dynamic, open-minded, proactive and enthusiastic.
- Result-focused, able to work under pressure.
- Honest, willing and able to take the lead and to delegate tasks where necessary.
- Should be comfortable working in 24/7 shifts.

Roles and Responsibilities:
  o In addition to the overall skill set above, the L2 analyst needs to act as the coordinator and responder for individual information security incidents.
  o Mentor L1 security analysts regarding risk management, information security controls, incident analysis, incident response, console monitoring and other operational tasks in support of technologies managed by the Security Operations Centre.
  o Should have the ability to handle escalated incidents.
  o Build awareness of the customer environment and perform alert analysis with this enhanced knowledge.
  o Ability to produce advanced reporting that helps understand trends in alerts and supports fine-tuning of the alerts.
  o Perform threat assessments, including holistic estimations of the threats posed by various actors.
  o Review vulnerability assessments and ensure compliance of systems with the applicable standards.
  o Document incidents from initial detection through final resolution.
  o Participate in security incident management and vulnerability management processes.
  o Participate in evaluating, recommending, implementing and troubleshooting security solutions, and in evaluating the IT security of new IT infrastructure systems.