Responsibilities of the Candidate:
- Monitor and analyze security events and incidents from multiple sources in real-time.
- Conduct triage and investigation of security alerts to determine validity and impact.
- Respond to incidents, perform root cause analysis, and coordinate mitigation steps.
- Document incidents and provide detailed incident reports.
- Configure and manage ArcSight ESM, Logger, and SmartConnectors.
- Create and optimize correlation rules, dashboards, and reports.
- Onboard new log sources, maintain log integrity and retention policies.
- Tune use cases to reduce false positives and improve detection efficacy.
- Conduct threat hunting activities using ArcSight and threat intelligence feeds.
- Collaborate with threat intel teams to enhance detection capabilities.
- Participate in red team/blue team exercises and post-event analysis.
- Ensure logging and monitoring processes support compliance (e.g., ISO 27001, PCI-DSS, NIST).
- Generate reports and metrics for stakeholders on SOC performance and incident trends.
- Work with IT, network, and application teams for incident resolution and preventive actions.
- Train and mentor junior SOC analysts.
- Stay updated on the threat landscape and SIEM advancements.
Requirements:
- Certification.
- 3 to 10 years of experience.
- Experience with other security tools (EDR, SOAR, IDS/IPS, firewalls).
- Familiarity with scripting languages (e.g., Python, PowerShell).
- Understanding of compliance standards such as ISO 27001, NIST, PCI-DSS, or GDPR.