What’s the role?

As a Fusion SOC Shift Lead you will support the Security Operations Center (SOC) as a lead, performing threat actor-based investigations, recommending detection methodologies, and providing expert support to incident response and monitoring functions.

Responsibilities

  • Act as the main interface point between Service Delivery Managers and SOC service teams
  • Act as an escalation point and/or SME for all advanced security incident escalations from L1 analysts
  • Responsible for all SOC shift activities
  • Perform review and final sign-off of all runbooks and playbooks
  • Assign and prioritize tasks/tickets to the SOC shift team
  • Manage ticket queues including escalation of outstanding tickets, tickets requiring updates, and escalation of open tickets where necessary
  • Provide guidance on processes and procedures specific to the client's monitoring environment
  • Responsible for meeting Service Level Agreement (SLA) requirements
  • Ensure quality standards are being met by doing ticket audits and reviewing and completing shift turnover logs
  • Responsible for leading SOC shift handover calls
  • Provide continuous improvement and on the job training (OJT) for SOC analysts
  • Manage PTO requests and other schedule issues that impact SOC operations
  • Coordinate with Cyber Security Engineers to resolve Security information and event management (SIEM) health issues
  • Coordinate with Service Delivery Managers (SDMs) to enforce specific client requests and provide monitoring updates
  • Coordinate with SDM to process and complete non-JIRA incidents
  • Monitor incident tickets and provide feedback/guidance on trends, patterns and anomalies
  • Point of escalation for operations/security issues
  • Ensure the quality of FMS SOC service delivery, including that policies and Service Level Agreements are met
  • Assist with analytic investigative support of large-scale and complex security incidents
  • Communicate SOC client service delivery issues to SDM and coordinate remediation
  • Attend client calls as and when needed to assist SDMs with dissemination of security and event information
  • Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT
  • Analysis of network data (e.g., packets, logs) and endpoint data (e.g., logs, malicious artefacts) in both structured and unstructured methods – using SIEM and various tools
  • Review SOC reports and deliverables
  • Manage security event investigations, partnering with other teams as needed
  • Actively seek self-improvement through continuous learning and pursuing advancement to a SOC Manager

Skills and experience

  • Bachelor of Science with a concentration in computer science, information systems, information security, math, decision sciences, risk management, engineering (mechanical, electrical, industrial) or other business/technology disciplines or equivalent work experience
  • Overall 4+ years working in a SOC and a minimum of 6 months in an L2 analyst or equivalent capacity, and/or strong security technology operations experience as a Senior Analyst/Shift Lead
  • Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
  • Able to work shifts on a rotating basis for 24/7 operational support
  • Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
  • Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures
  • Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
  • Understanding of common network infrastructure devices such as routers and switches
  • Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
  • Basic knowledge in system security architecture and security solutions
  • Proven ability to translate complex information sets into specific recommendations that can be actioned by customers to enhance their security posture
  • Working knowledge of threat analysis and enterprise level mitigation strategies
  • Working knowledge of how malicious code operates and how technical vulnerabilities are exploited
  • Working knowledge of operating systems and networking technologies in general
  • Working knowledge of cyber threats, defenses, motivations and techniques
  • Excellent interpersonal and organizational skills
  • Excellent oral and written communication skills
  • Strong analytical and problem-solving skills
  • Self-motivated to improve knowledge and skills
  • A strong desire to understand the what as well as the why and the how of security incidents

To express your interest in this opportunity, don’t delay; please click apply now.

Tell me more

  • Location: Hyderabad/Bangalore
  • Rate: Competitive
  • Work Pattern: Full time
  • Start Dates: Immediately
  • Duration: Long term opportunities