SOC - SIEM (Splunk) | Consultant

Hyderabad, Telangana, India

Full-time

Posted on: 6 days ago

Experience range: 2.5 to 7 years

Key Responsibilities:
  • Conduct in-depth analysis of security events and alerts generated by Splunk and the EDR platform, correlating data across sources to identify potential security threats.
  • Perform advanced triage, classification, and root cause analysis of escalated security incidents.
  • Use Splunk and the EDR platform to investigate complex security events, identifying patterns and relationships in logs that indicate malicious activity.

Incident Escalation and Resolution
  • Escalate high-priority and complex security incidents to the Level 3 team and work closely with them for expertise and guidance.
  • Engage with incident response teams on deeper forensic analysis and assist with the containment, mitigation, and recovery phases of security incidents.
  • Document and communicate incident findings, keeping a clear and concise record of the investigation and resolution process.

Collaboration and Knowledge Sharing
  • Collaborate with L1 analysts, L2 peers, senior engineers, and other stakeholders in the security operations lifecycle to ensure smooth and effective incident handling.
  • Participate in security operations meetings, helping to continuously refine and improve processes.

Reporting and Compliance
  • Assist in generating reports for security incident analysis, compliance audits, and management reviews.
  • Support internal and external audits, providing data, logs, and documentation as needed.
  • Help track security metrics and performance indicators to support security operations reporting.

Continuous Improvement and Research
  • Stay current on cybersecurity threats, vulnerabilities, and defense mechanisms to enhance the team's capabilities.
  • Suggest improvements to security monitoring processes and help implement new detection technologies and methodologies.

Desired Qualifications
  • Bachelor's degree in computer science, cybersecurity, or a related field, or equivalent experience.
  • Minimum of 4 to 6 years of experience in cybersecurity, IT security operations, or incident response.
  • Prior experience in a Security Operations Center (SOC) or handling security incidents in an enterprise environment.
  • Experience with security monitoring, SIEM platform tuning, and threat detection engineering.

Technical Skills
  • Advanced proficiency with Splunk and EDR platforms.
  • In-depth understanding of network protocols (TCP/IP, DNS, HTTP, etc.), security devices (firewalls, IDS/IPS, etc.), and endpoint security technologies (EDR, antivirus, etc.).
  • Hands-on experience with log analysis, data correlation, and incident investigation.
  • Familiarity with threat intelligence tools, data sources, and feeds.
  • Strong understanding of security frameworks, including MITRE ATT&CK, NIST, and OWASP.

Preferred Certifications
  • CompTIA Security+, CEH, or similar certifications.
  • Splunk certifications, an EDR-vendor security engineer certification, or other relevant certifications.

Location and way of working

Base location: Hyderabad

This role requires working from the office.