Graduation/ Post Graduation:
B.E./B.Tech in Computer Science/ Electronics Engg. or equivalent
Additional Qualification:
Same as above
Any certifications/diplomas:
At least one certification in one or more SIEM/security solutions (e.g. McAfee, Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar, LogRhythm).
At least one L3-level security certification (viz. CISA/CISSP/CISM etc.), obtained at least 03 months prior to deployment in GAIL.
Total Experience(in years):
Min. 5 years' experience in handling security-related products and services in an organization, of which at least 3 years should be as an L2 in SOC management.
Relevant Experience(in years):
Min. 3 years' experience in handling security-related products and services in an organization, of which at least 2 years should be as an L2 in SOC management.
Preferred Industry:
IT Service
Preferred Current Position:
L2 Security Support engineer
Job Profile:
1. Overall responsibility for all cyber security-related operations across GAIL, including all data centers and site offices.
2. Shall prepare and follow the approved SOP to provide expert-level support for cyber security incidents and problems, including investigating and responding to security breaches and threats.
3. Should be the first point of contact in case of any attack or incident. Should follow the defined steps to isolate, remediate, inform GAIL officials and take all other defensive measures to contain the attack.
4. Shall understand the complete network architecture of GAIL and identify network security loopholes. Should have a complete understanding of the IT/OT intersection in GAIL and monitor for anomalies through logs and packets by creating custom rules with continuous improvement. Preparation of high-level design (HLD) and low-level design (LLD) security documents, and their updates, for all security components.
5. Complete implementation of, and compliance with, guidelines, advisories and reports from statutory government bodies like NCIIPC, CERT-In, MHA, IB etc., and maintaining their documentation.
6. Shall ensure that SOC operations are as per the defined SOP. Review the security architecture of GAIL periodically and submit reports to GAIL with recommendations for improvement.
7. Shall coordinate with various teams, system administrators and asset owners for timely mitigation and ensure compliance with all VAPT reports received in GAIL from time to time. Shall also recommend mitigation measures for all reported vulnerabilities and is responsible for properly documenting the compliance status in a single place.
8. Maintaining and ensuring compliance with the ISO 27001 ISMS framework and participating in all internal/external audits under it.
9. Should have knowledge of standard security solutions like SIEM, SOAR, UEBA, Network forensics, NDR, EDR, XDR, DDoS prevention, Anti-APT, DNS security, WAF, PIM, Next Generation Firewalls, Firewall Analyzer, IDS, IPS, Email security, Sandbox, Proxy, Vulnerability Assessment tools etc.
10. Ensuring regular security patching and inventory management of all security solutions. Assist the support teams in submitting the RCA for any major issue within its SLA and follow up till closure of the RCA submission.
11. Ensuring regular content pack updates, security signature updates, threat feed updates etc. for all security solutions.
12. Ensuring backup of all security devices and maintaining offline logs of the required security devices for 180 days.
13. Ensuring that proper action (blocking, adding indicators to the database etc.) is taken for IOCs received, and that the action taken is recorded for compliance.
14. Grant credentials to authorized users, monitor access-related activities and check for unauthorized configuration changes. Any change to a device is to be made only after approval from GAIL.
15. Automating events and alerts triggered by the different security solutions through SOAR by creating playbooks. Ensure that threat feeds from statutory bodies and OEMs are continuously received. Should have expertise in developing efficient automated playbooks in SOAR.
16. Configure security policies for DDoS, BDoS, IDS, IPS, email quarantine, spoof detection, email sender domain/IP reputation detection, SPF, DMARC, DKIM and URL rewriting, based on the latest attack trends and the MITRE/NIST frameworks.
17. Ensure proper ticketing in SOAR for each and every event/incident reported, with closure only when RCA and resolution are provided.
18. Quarterly report of all the mentioned SOW activities and their compliance to be shared with the GAIL team.
19. Managing and implementing cyber security-related projects by assigning appropriate jobs to L1/L2 engineers and implementation teams.
20. Shall review all existing policies, standards and controls for enhancing the cyber security of GAIL. Shall also troubleshoot, cross-question and check for replication of policies.
21. Shall be responsible for providing the detailed plan of action for the DR drill and other drills, coordinate with other user/technical departments and service providers for successful completion of the DR drill, and provide RTO/RPO reports.
22. Collaborate with other members of the cyber security team to develop new protocols, layers of protection and other proactive and defensive systems for staying ahead of cybercriminals.
23. Configuration of the SSL/TLS certificates required to be uploaded into Proxy, APT, ADC, SSL offloader and NDR as per requirement, and their related maintenance. Configuration of reverse proxy for any existing/upcoming applications.
Essential Skills (technical):
Should have complete knowledge of:
Various tools like SIEM, SOAR, UEBA, Network forensics, NDR, EDR, XDR, DDoS prevention, Anti-APT, DNS security, WAF, PIM, Next Generation Firewalls, Firewall Analyzer, IDS, IPS, Email security, Sandbox, Proxy, Vulnerability Assessment tools etc.
Capturing and analyzing SMTP, SSL, TCP, HTTP, Telnet and many other protocols using Wireshark.
Parser development, regex, playbook automation, APIs.
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Linux, Unix.
TCP/IP protocols, network analysis and network/security applications.
Note: A hands-on, lab scenario-based test shall be conducted for deployment finalization of each resource if required.