
IT CoE SEC SOC Network | Bangalore

  • Job: Full-time, Mid Level
  • Data: IT & Cybersecurity

AI-generated summary

  • You should have 3+ years as a SOC analyst, experience with Azure Sentinel and Microsoft security tools, strong analysis skills, and knowledge of TTPs and threat intelligence.
  • You will analyze security incidents, document findings, coordinate remediation, assist teams with security issues, conduct threat hunts, and suggest detection use cases based on Cyber Threat Intelligence.

Requirements

  • Prior experience as a network or system administrator is a serious plus
  • 3+ years' experience in a SOC analyst role
  • Tools:
      ◦ Azure Sentinel
      ◦ Microsoft KQL
      ◦ Microsoft E5 security stack: Defender for Endpoint, Defender for Identity, Defender for O365, Defender for Cloud Apps
      ◦ Defender for Cloud
  • Analysis skills:
      ◦ Malware incident analysis: ability to interpret sandbox results and perform basic static and maldoc analysis
      ◦ Phishing campaigns: ability to interpret email headers
      ◦ Good knowledge of TTPs used by various threat actors (MITRE ATT&CK) and how to detect them
      ◦ Ability to create detection hypotheses and the queries to confirm them
      ◦ Ability to spot repeat alerts and to suggest rule tunings
      ◦ Ability to follow existing playbooks but also to suggest improvements to them

Responsibilities

  • Perform reactive incident analysis to conclusion, or prepare it for escalation when needed
  • Document the incident analysis to ensure a swift handover to L3 or other incident responders
  • Effectively identify threats by performing relevant research and data analysis
  • Transmit security incidents to the appropriate teams for remediation and follow up on the incident to resolution
  • Assist end users, Local IT teams, application teams and infrastructure support teams in understanding security issues and applying mitigation strategies
  • Execute deep dives and threat hunts beyond the one-off incident tickets and propose corrective actions
  • Follow up on Cyber Threat Intelligence information and suggest detection use cases

FAQs

What is the primary role of the IT CoE SEC SOC Network position?

The primary role involves performing reactive incident analysis, documenting incidents, identifying threats through research and data analysis, and assisting various teams in understanding and mitigating security issues.

What are the main responsibilities associated with this job?

Main responsibilities include incident analysis, documentation for handover to other teams, threat identification, remediation follow-up, assisting users and teams with security issues, executing threat hunts, and suggesting detection use cases.

What qualifications are preferred for this role?

Candidates should have prior experience as a network or system administrator, along with at least 3 years of experience in a SOC analyst role.

Which tools are essential for this position?

Essential tools include Azure Sentinel, Microsoft KQL, the Microsoft E5 security stack (Defender for Endpoint, Defender for Identity, Defender for O365 and Defender for Cloud Apps), and Defender for Cloud.

What type of analysis skills are required for this role?

Required analysis skills include malware incident analysis, interpreting email headers for phishing campaigns, knowledge of threat actor TTPs (MITRE ATT&CK), creating detection hypotheses, and suggesting rule tunings.

Is prior experience in network or system administration necessary?

Yes, prior experience as a network or system administrator is considered a serious plus for this position.

Will the role involve working with playbooks?

Yes, the role will involve following existing playbooks and suggesting improvements to enhance their effectiveness.

What is the desired knowledge regarding threat actors?

Candidates should possess good knowledge of TTPs used by various threat actors and how to detect them, particularly using the MITRE ATT&CK framework.

How important is data analysis in this position?

Data analysis is crucial, as effective threat identification and incident resolution rely on relevant research and analysis skills.

Are team collaboration skills important for this job?

Yes, strong collaboration skills are essential for assisting end users, Local IT Teams, and other support teams in addressing security issues.

Capgemini Engineering, the leader in engineering and R&D services, helps clients unleash their R&D potential.

Industry: Technology
Employees: 10,001+

Mission & Purpose

World leader in engineering and R&D services, Capgemini Engineering combines its broad industry knowledge and cutting-edge technologies in digital and software to support the convergence of the physical and digital worlds. Coupled with the capabilities of the rest of the Group, it helps clients to accelerate their journey towards Intelligent Industry. Capgemini Engineering has 60,000 engineer and scientist team members in over 30 countries across sectors including Aeronautics, Space, Defense, Naval, Automotive, Rail, Infrastructure & Transportation, Energy, Utilities & Chemicals, Life Sciences, Communications, Semiconductor & Electronics, Industrial & Consumer, and Software & Internet. Capgemini Engineering is an integral part of the Capgemini Group, a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong heritage of over 55 years, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market-leading capabilities in AI, cloud and data, combined with its deep industry expertise and partner ecosystem. The Group reported 2023 global revenues of €22.5 billion.