The primary function of a Senior Incident Responder is to ensure that the SOC team is performing its functions as required and to troubleshoot problematic incidents and events. In summary, the Senior Incident Responder shall also act as the technical SME and shall report technically to the L3 Analyst.
- Work collaboratively with Account Manager for Client relations
- Track incident detection and closure
- Execute risk hunting activities
- Undertake forensic investigations
- Act as subject matter expert and expert witness where required
- Generate intelligence advisories and delegate intelligence aggregation tasks
- Suggest new use cases for emerging threats
- Conduct incident response coordination with customer
- Validate security incidents
- Conduct audits of logging and correlation
- Use sandbox, honeypot, analytics tools and security testing
- Ensure process compliance
- Ensure quality of investigations and notification and direct L1 accordingly
- Report deviations to SOC manager and L3
- Ensure SLA compliance for projects within remit
- Perform deep analysis of security incidents to identify the full kill chain
- Respond to clients’ requests, concerns and suggestions
- Provide knowledge to L1 such as guides, cheat sheets, etc.
- Follow up with the recommendations to the client to contain an incident or mitigate a threat
- Conduct presentations and updates to the client
- Respond to incident escalations and provide solid recommendations
- Update aging incidents and requests
- Track SOC performance in terms of SLAs and incident quality
- Review vulnerability assessment reports with the client and provide necessary recommendations
- Conduct threat hunting exercises on SIEM and EDR platforms
- Develop and improve processes for monitoring and incident qualification
- Perform quarterly evaluation for L1 analysts and report feedback to the management
SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone.
SecurityHQ – We’re focused on engineering cybersecurity, by design.
Job Reference Number
IN003
Essential Skills
- Experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules, administration of SIEM and system hardening.
- Should have expertise in TCP/IP network traffic and event log analysis.
- Knowledge and hands-on experience with LogRhythm, QRadar, ArcSight, MS Sentinel or any SIEM tool
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management
Additional Desired Skills
- Strong verbal and written English communication
- Strong interpersonal and presentation skills
- Ability to work with minimal levels of supervision
- Willingness to work in a job that involves 24/7 operations
Education Requirements & Experience
- Bachelor's in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent University degree
- Minimum of 3-4 years of experience in the IT security industry, preferably working in a SOC environment
- Certifications: GCIH, CCNA, CCSP, CEH