Qualification:

Full time B.E/ B.Tech/MCA/MSc (IT/Computer Science) /BCA/B.Sc(IT/Computer Science)/ Full time 3 years Diploma in IT
Experience:
  1. Minimum three (3) years of total IT experience, including two (2) years of experience in support and implementation of security products such as antivirus solutions, endpoint protection, e-mail security, network APT/EDR/threat hunting/forensics solutions.
  2. Good knowledge of Linux and Windows operating systems, databases, network management software, etc.

Certifications:
Certification in any reputed Endpoint Protection Platform/EDR/ACC/Threat Hunting/Forensics product.

Roles and Responsibilities
1. Security Event Monitoring
Continuously monitor SIEM dashboards for incidents/alerts and suspicious activities.
Identify potential security incidents based on predefined use cases and correlation rules.
Validate incidents/alerts for false positives before escalation.

2. Initial Incident Analysis
Perform basic triage of security incidents/alerts (e.g., malware detection, unauthorized access attempts).
Collect preliminary information such as source IP, user details, and affected systems.
Document findings in the incident management system.

3. Escalation
Escalate confirmed incidents to L2/L3 teams with complete details.
Follow the escalation matrix and ensure timely communication.

4. Log Analysis
Review logs from firewalls, IDS/IPS, antivirus, endpoint security tools, etc.
Identify anomalies and patterns that may indicate compromise.

5. Threat Intelligence
Check alerts against threat intelligence feeds for known indicators of compromise (IOCs).
Update internal watchlists with new IOCs provided by L2/L3 or external sources.

6. Basic Remediation
Isolate infected endpoints as per SOP.
Block malicious IPs or URLs using security tools (with approval).
Assist in password resets for compromised accounts.

7. Reporting & Documentation
Maintain accurate records of incidents/alerts, actions taken, and escalations.
Prepare daily security monitoring reports for management review.
Report incidents/alerts within the SLA time period.

8. Compliance & SOP
Follow organizational security policies and standard operating procedures.
Ensure evidence collection for audits and compliance checks.

9. Communication
Provide timely updates to stakeholders during incidents.
Coordinate with IT teams for basic containment actions.

Important: A mandatory two-year bond will apply for all selected candidates