SAKON is hiring For Senior Engineer-IT Security

Job Description

Position: Senior Engineer-IT Security Job Location: Pune, India Role Overview/Your Impact: We are looking for a highly skilled and detail-oriented Senior Engineer IT Security to join our Security Operations Center (SOC) team. As a Senior Engineer, you will be responsible for protecting the organization's IT infrastructure by monitoring, identifying, and responding to security threats or weaknesses and vulnerabilities. You will manage security tools for advanced analysis and investigation of security logs from various sources such as firewalls, intrusion detection/prevention systems (IDS/IPS), servers, applications, and other security devices. You will be expected to identify, investigate, and respond to security incidents, provide deep technical analysis, and work closely with other teams to improve the organizations overall security posture. What Does the team do The Security Operations Center (SOC) team plays a critical role in safeguarding an organization's IT infrastructure by actively monitoring, detecting, responding to, and mitigating cybersecurity threats in real time. This team's primary responsibility is to maintain a robust security posture, ensuring the integrity, confidentiality, and availability of systems, networks, and data. What will you do Acknowledge, analyze, and validate incidents triggered by multiple security tools like IDS/IPS, Web Application Firewall, Firewalls, Endpoint Detection & Response tools, and events through SIEM solution. Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc. Collection of necessary logs that could help in the incident containment and security investigation Escalate validated and confirmed incidents. Understand the structure and the meaning of logs from different log sources such as F/W, IDS/IPS, WAF, Domain Controller, Cloudflare, XDR Solution, Microsoft office 365 etc. Open incidents in the ticketing platform to report the alarms triggered or threats detected. Track and update incidents and requests based on updates and create root cause analysis. Report on IT infrastructure issues to the IMS Team. Working with vendors to work on security issues. Log Analysis and Investigation: Analyze large volumes of security logs from multiple sources (e.g., network devices, firewalls, IDS/IPS, SIEM tools, etc.) to identify potential security incidents, threats, and vulnerabilities. Perform in-depth investigations of suspicious activities to identify the root cause and potential impact. Prioritize and escalate incidents based on severity and risk. Incident Response: Lead the investigation and resolution of security incidents, coordinating with L1 and L2 teams as necessary. Provide detailed analysis and actionable intelligence to stakeholders to guide remediation efforts. Track incidents through to resolution and closure, ensuring all documentation is accurate and complete. Maintain Incident response procedures and SOPs Threat Intelligence Integration: Use threat intelligence feeds and other external resources to enhance log analysis and identify emerging threats. Correlate internal data with external threat intelligence to identify new attack vectors and trends. Tools & Technologies: Utilize SIEM tools (e.g., LogRhythm) to perform advanced log searches, filtering and correlation. Work with other SOC tools such as ticketing systems, network monitoring solutions, Email monitoring, and endpoint security tools. Collaboration & Reporting: Collaborate with SOC teams, IT teams, and management to provide detailed incident reports and security assessments. Develop and maintain documentation, playbooks, and procedures to improve the efficiency of the SOC. Provide mentorship and training to junior analysts (L1/L2). Continuous Improvement: Analyze and improve SOC processes, workflows, and detection methodologies to enhance overall efficiency and security posture. Regularly update and review log sources, collection mechanisms, and detection rules to adapt to changing threat landscapes. Perform other duties as assigned. Required Skills & Qualifications: Experience: Minimum of 4 years of experience in a security operations environment with a focus on log analysis, incident response, and threat detection. Strong knowledge of security concepts and technologies such as firewalls, IDS/IPS, antivirus, vulnerability scanners, encryption, and network protocols. Experience working with SIEM tools such as LogRhythm etc. Technical Skills: Strong knowledge of networking protocols (TCP/IP, HTTP, DNS, etc.) and the ability to analyze traffic and logs. Experience with log parsing, log correlation, and log analysis at an advanced level. Familiarity with scripting languages (e.g., Python, PowerShell) for automating tasks and log analysis. Strong understanding of security incident response lifecycle, including containment, eradication, and recovery. Certifications(Preferred): Certified Incident Handler (GCIH) Certified SOC Analyst (CSA) Certified Ethical Hacker (CEH) Soft Skills: Strong analytical and problem-solving abilities. Ability to work under pressure in a high-stress, fast-paced environment. Strong written and verbal communication skills for preparing reports and interacting with teams across the organization. Excellent attention to detail and a proactive approach to identifying and addressing security issues.