SOC Monitoring and Implementation
- 10+ years of experience in various information security domains, including compliance audit, Security Operations Center, and threat intelligence, with a proven track record in the planning, design, and execution of SOC implementation, business requirement mapping, Security Information and Event Management (SIEM) tooling, SOC governance (including KPIs and metrics), SOC staff training and career development, SOC processes, and audit.
- Real-time log monitoring in the Security Operations Centre (SOC) from different sources such as firewalls, IDS, IPS, operating systems (Windows and Unix), proxy servers, Windows servers, system applications, databases, web servers, and networking devices.
- Technical escalation of all L1, L2, and L3 incidents in SOC.
- Project documentation
- Delivery methodologies and skill enhancements
- Analyze and troubleshoot delivery issues in a timely fashion
- Manage a delivery team to ensure timely and accurate Union Coop Information Security deliveries
- Oversee daily activities of the delivery team and provide direction and guidance as needed
- Design, create, and innovate SIEM use cases in accordance with Union Coop's business requirements and the cyber threat surface of UC's line of business.
- Good knowledge of SIEM tools such as Splunk, QRadar, and ArcSight (concepts and architecture).
- Experience in SIEM implementation; hands-on experience integrating devices with SIEM.
Cyber Threat Hunting, Analytics and Threat Intelligence
- Knowledge of data science, with strength in analyzing large volumes of security data to determine patterns of interest, outliers, or hidden attacks, and in building repeatable algorithms and machine learning models to apply to the data on a regular basis.
- Experience in threat hunting and in using algorithms and tools built by data scientists to actively hunt for attacks in large volumes of data, and in creating alerts that are passed on to SOC L1 and L2 analysts.
- Collate information from external threat sources and data from the internal SOC to prepare actionable threat feeds and intelligence briefs. Experience integrating threat feeds with the SIEM and other Union Coop security products, and delivering them to the SOC Manager and the SOC Engineering team. The intelligence briefs are consumed by the SOC lead, investigators, and the SOC Engineering team for creating courses of action (COA).