Security Operations Center Lead-Splunk

Security Operations Center Lead-Splunk
Ernst & Young LLP - Chennai, India
Full Time
IT & Software Development
Security Software Development Splunk

Security Operations Center Lead

Job description
 Serve as subject matter expert on incident detection, analysis and Response techniques.
 Provide guidance to Security Operations Center (Level 1) analysts in execution of operational,
analysis, and cyber event response procedures.
 Monitor Security Operations Center (Level 1) analysts’ performance investigating incoming events
and mentor analysts to improve detection capability at the SOC.
 Support the Security Operations Centre (SOC) by collaborating in use case development,
developing response processes and procedures, and performing continuous process
improvements; which may include documentation, mentoring, and/or training sessions.
 Investigate complex events escalated by Security Operations Center (Level 1) analysts.
 Review and perform vulnerability assessments
 Conduct proactive threat research.
Gather, manage, and disseminate situational intelligence to all SOC personnel.
 Establish and maintain excellent working relationships/partnerships with the cyber security and
infrastructure support teams throughout the Information Technology organization, as well as
business unit stakeholder SMEs.
 Coordinate efforts among multiple business units during response.
 Must comply with any regulatory requirements.
 Must commit to continuous information security skill development.

Job Requirements
 4+ years of experience working in Security Operations Center and atleast one year as SOC Lead
 Deeper Understanding of all Operating Systems, Virtualization technologies, Network Devices,
Cloud computing concepts, Web Proxies, Firewalls, Data Loss Prevention Systems, Intrusion
Detection/Prevention Systems, Antivirus Systems, Vulnerability Assessment tools – Nessus,
Qualysguard, etc.
 Familiarity with hacking techniques, methodologies, tactics and procedures.
 Comprehensive understanding of network protocols including TCP/IP, UDP, DHCP, FTP, SFTP, ATM,
 Experience working with SIEM technologies (Splunk preferable)
 Exceptional information analysis abilities; ability to perform independent analysis and distill
relevant findings and root cause.
 Ability to identify themes and trends from large data sets.
 Strong customer service skills and decision-making skills.
 Exhibit initiative, follow-up and follow through with commitments.
 Ability to support and work in a team environment.
 Strong analytical writing skills to articulate complex ideas clearly and effectively; experience
creating and presenting documentation and management reports.
 Strong oral communication skills.
 Ability to manage multiple tasks, priorities, and operational assignments in a high pressure
 Understanding of IT Security and the ability to apply risk management principles in all aspects IT

Education & Certifications
 B.E./ B.Tech./MCA or MS In Information Security
 GIAC Certified Intrusion Analyst, or GIAC Certified Incident Handler, GIAC
Certified Forensic Analyst (GCFA),

 CISSP certified/qualified or ability to pursue obtaining this certification within six months of hire.
 CompTIA Security +, Cisco Certified Security Professional/Associate, CEH , ISO 27001 LA/LI
 Certifications in Splunk Security app/HP Arcsight/IBM Qradar or other SIEMs