Security Engineer

About the job

Responsibilities:

• Monitor and analyse Endpoint security events, including but not limited to malicious apps, device compromise, host-based attacks, and data breaches.
• Assist in the deployment/integration and management of Security solutions.
• Respond to and investigate security incidents observed from SIEM solutions and individual security devices ensuring a timely and effective resolution.
• New Use Cases/Reports/Dashboards creation as and when required.
• Work on complex policies and procedures related to Data Loss monitoring and prevention.
• Splunk /Wazuh Implementation: Deploy, configure, and maintain the platform to collect, index, and analyse data from various sources, including security and IT systems.
• Security Monitoring and Incident Response of EDR/NDR solutions analyzing security events like malware infections, suspicious activities etc. and conduct investigations to further provide timely reports and remediations.
• Perform Vulnerability assessment and work together with IT team on further patching/fixes.
• Use threat intelligence and security best practices to proactively identify new and emerging threats and attack patterns and further action on the identified IOCs.
• Preparation of Monthly/Quarterly reports for complete IT security infra.
• Be part of IT Security Audit's when required and share necessary info/data to relevant parties for a successful Audit.
• Work together with MSP team on reviewing and analyzing incidents and provide inputs on continuous improvements.
• Prepare relevant SOPs/Run books as required for different IT Security aspects.
• Ready to take challenging tasks with a positive professional attitude. Should be ready to support on off hours for highly critical and urgent tasks/activities (This will be very rarely needed)

Requirements:

• Minimum 5 years of experience into SOC/IT Security.
• Any bachelor’s degree and preferably computer science background.
• Standard Industry certifications like CEH, Security +, EC-Council (CSA), CC is a plus
• Admin level exp on SIEM solution (Splunk/Securonix/ArcSight etc.)
• Working experience on Open-Source solutions like WAZUH
• Ability to create SOPs and Runbooks
• Capable to create New Dashboards/Alerts/Reports and perform finetuning.
• Hand on exp. of Incident response and Threat remediation
• Knowledge of Network protocols and How N/W devices work.
• Understanding on PAM and DAM solutions (CyberArk/Imperva)
• Understanding of Brand Monitoring/Dark Web monitoring and actioning.
• Working experience on packet capture tools (Wireshark)
• Experienced on Email Security (Microsoft ATP/Mimecast/Proofpoint etc.)
• Must have exp. on EDR solutions (CrowdStrike/Vectra/CB Protection etc.)
• Must have exp. on NDR solutions (ExtraHop/Darktrace)
• Knowledge on reviewing and defining and fine tuning DLP policies
• Working experience on Vulnerability assessment solutions (Qualys/Nessus)
• Basic Linux working experience is a plus.