Project Role : Security Delivery Lead
Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills : Security Information and Event Management (SIEM) Operations
Good to have skills : Splunk Security Information and Event Management (SIEM)
Minimum 5 year(s) of experience is required
Educational Qualification : NA

Key Responsibilities 1) Incident handling - Sentinel incidents - end-to-end security incident investigation approach. 2) Good Hands-on Experience in KQL (Kusto Query Language) for log querying and data analysis within Microsoft Sentinel. 3) Monitoring experience on other Microsoft security technologies such as MDE, Defender for cloud 4) Improving Signal Noise Ratio, Developing Incident Response Workflow that can be automated. 5) Provide support to the Security Operations Center (SOC) L1/L2 Analyst during incident response, event monitoring, and threat-hunting activities. 6) Deep understanding of several of the following fields: Email security (including PDF and Document analysis), digital media forensics, monitoring and detection, incident response, vulnerability assessment, penetration testing, cyber intelligence analysis, and network analysis 7) Trending and correlation of monitored events to build new Indicators of Compromise (IOC), attack attribution, and helping establish countermeasures increasing cyber resiliency. 8) Identification of advanced cyber threat activities, Endpoint Detection Response, intrusion detection, incident response, malware analysis, and security content development (e. g., signatures, rules, etc. ); and cyber threat intelligence. Technical Experience 1) Good knowledge on MITRE tactics and techniques 2) Should have ability to create new use cases on emerging threats to enable proactive monitoring once any security advisory is received 3) Should have ability to create advance interactive security dashboard/workbooks. 4) Good to have knowledge in SOARS and should have ability to create security workflows to ease SOC operations via logic apps.tools, Service now preferred 5) Working knowledge of ITSM tools, Service now preferred. 6) Acts as primary technical subject matter expert for security alert investigation Professional Attributes - Good verbal communication skills to connect with different suppliers at varying levels of the organization methods. - Being flexible to work in 24x7 environments as per the business needs. - Intermediate level understanding of ATP, EDR, API Security, Identity Management. - Must be a critical thinker, with strong problem-solving skills. Educational Qualification Bachelor or higher degree in related field or equivalent work experience Additional Information - Preferred Security certifications such as CompTIA Sec+, CHFI, CEH, SANS, Certified Incident Handler, AZ-500 & AZ-900/SC-200 - Good understanding of ITIL processes, ISO/PCI DSS, including Change Management, Incident Management, and Problem Management.