Role Profile:

Proficient in Incident Management and Response · Experience in security device management and SIEM (ArcSight) · In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. · Experience in threat management · Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix · Knowledge of applications, databases, middleware to address security threats against the same. · Proficient in preparation of reports, dashboards and documentation

Excellent communication and leadership skills · Experience in performing vendor management · Ability to handle high pressure situations with key stakeholders · Good Analytical skills, Problem solving and Interpersonal skills · Working knowledge and experience with O-365 with proficiency in Excel, PowerPoint & SharePoint

The below Key Performance Areas include but are not limited to:

Proficient in Incident Management and Response 

Monitor security events and alerts from various sources, including SIEM, IDS/IPS, firewalls, and antivirus systems. 

Lead the investigation, analysis, and response to cybersecurity incidents. 

Coordinate incident response activities, including containment, eradication, and recovery efforts. 

Document and report incidents, findings, and lessons learned. 

In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. 

Experience in threat management, security monitoring and Analysis. 

Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix 

Proficiency with SIEM tools (e.g., Elastic Datalake, MS Sentinel, Splunk, QRadar), IDS/IPS, firewalls, CASB DLP, Email security and EDR/XDR systems. 

 Strong knowledge of network protocols, operating systems (Windows, Linux), and security frameworks (e.g., NIST, ISO 27001). 

Knowledge in threat intelligence and vulnerability management 

Knowledge of applications, databases, middleware to address security threats against the same. 

Proficient in preparation of reports, dashboards, and documentation 

Excellent communication and leadership skills 

Experience in performing vendor management 

Ability to handle high pressure situations with key stakeholders 

Good Analytical skills, Problem solving and Interpersonal skills 

Working knowledge and experience with O-365 with proficiency in Excel, PowerPoint & SharePoint, build and maintain positive working relationships with them

Knowledge (Desired): Lead and manage Security Operations Center 

Lead and managed CSIRT operations. 

Primarily responsible for security event monitoring, management, and response. 

Gather and analyze threat intelligence from various internal and external sources. 

Assess and prioritize vulnerabilities in the organization's infrastructure and recommend remediation actions. 

Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. 

Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives. 

Revise and develop processes to strengthen the current security operations framework, review policies and highlight the challenges in managing SLAs. 

Ability to work independently and as part of a team in a high-pressure environment. 

Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring. 

Responsible for integration of standard and non-standard logs in SIEM and creating business required security alerts and their handling procedures. 

Creation of reports, CISO dashboards, metrics for SOC operations and presentation to Sr. Mgmt. 

Co-ordination with stakeholders, build and maintain positive working relationships with them.