– Basic knowledge of the ArcSight SIEM domain and SOC operations.
– Review SIEM reports on a daily basis and flag security incidents or potential incidents in the incident tracker. Update the IT operations team daily on security incidents or potential incidents.
– Record information security incidents and ensure their closure in a timely manner by coordinating with the IT operations team or SOC team as per procedure.
– Help the IT operations team understand each incident and the remediation required for closure.
– Follow up on identified information security incidents with the respective team (IT operations or SOC) and escalate if there is no response.
– Understand IT operations; identify false-positive events in coordination with the technology team and highlight them to the SOC team so that the SIEM (ESM system) rules can be updated to remove false positives from the reports.
– Prepare the required procedure documents for log monitoring and incident management.
– Arrive at the best practices to follow and the configuration required for each device / application after coordinating with the SOC team and technology team. Coordinate with the SOC team and client technology team on any open issues.
– Ensure all SIEM activities are performed in a timely manner, based on the recommendations agreed by the SOC team and technology team, without escalation.
– Ensure recommended activities are finalized in a timely manner; follow up with the respective team for timely closure and escalate in case of any problem.
– Produce weekly reports and dashboards with updates on identified incidents and follow-up status.
– Perform initial-level troubleshooting for devices that are not sending logs.
– Command of verbal and written English.
– Analytical and critical thinking skills.
– Proficiency in computer skills, including Microsoft Office applications (e.g., Word, Excel).