SOC EDR Analyst jobs in Bangalore at IBM

Your Role and Responsibilities
As a Security Analyst -SOC ,you are responsible for managing day to day operations of Security Device Management SIEM, incident response, threat hunting, Use case engineering, SOC analyst, device integration with SIEM.You are also Responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets ensuring the integrity of the environment.

Daily activities include:

Operation of various scanning tools in use
Assessment and analysis data collected from scan tools
Tracking and reporting on discovered vulnerabilities and remediation efforts
Identification of overdue system remediation efforts
Sourcing and tracking of public and pre-embargoed vulnerability disclosure sources.
Analysis and reporting of all applicable publicly disclosed zero-day vulnerabilities.
Coordination with system owners to identify and remediate scan problems
Coordination with system owners to provide requested details about scan findings, scan methodologies and remediation recommendations
Assisting Program Managers with reporting and continuous motion on remediation efforts

Responsibility

General SIEM monitoring, analysis, content development, and maintenance.
Monitor a strategic, comprehensive corporate, commercial and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
Daily security activities related to the protection of corporate and other federal assets including scanning tools and ticketing systems documenting the identification and remediation process for identified system flaws
Provide information to system owners of flaws identified within that group’s responsible systems.
Ensure that IBM Cloud is in compliance with all applicable Federal, IBM Internal and industry standard directives and policies regarding securing and monitoring of information systems
Assist in risk assessment duties including reporting and oversight of remediation efforts
Research, analysis, and response for alerts; including log retrieval and documentation.
Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
Assist in incident response activities such as host triage and retrieval, malware analysis,remote system analysis, end-user interviews, and remediation efforts.
Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas:
- Server Operating Systems (Windows Server, Red Hat, CentOS)
- Network (Cisco, Palo Alto, F5, McAfee)
- Storage (NetApp, CleverSafe)
Manage multiple projects with various priority levels and time lines from start to finish
Develop and maintain accurate documentation for internal procedures and services
Maintain knowledge of outstanding vulnerability management issues and ensure remediation timelines are completed by required guidelines
Thorough understanding of how to calculate CVSS v2 and v3 adjusted scores
Must collaborate with other departments to resolve complex issues and be detail oriented
Ability to automate solutions to repetitive problems/tasks

Primary teams this person will work with….

Cloud SOC
Bluemix Infrastructure SOC
MSS SOC
SOS Tools
IaaS, PaaS, SaaS and Cloud Business Units contacts.
Business Unit and Bluemix Infrastructure Executives

Required Technical and Professional Expertise

Overall 5+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a Security Operations Center.
Experience with: SIEM (QRadar, Splunk, Nitro, etc.),SOAR (Resilient, Demisto, ServiceNOW, etc.),Ticketing (JIRA, ServiceNow, Remedy, etc.)
Endpoint Detection and Response or Endpoint Security (Crowdstrike,Carbon Black,Clam AV etc)
Minimum 3+ Years experience in Security Operation centre with SIEMs or 3+ years of applicable experience with Linux/UNIX systems in a production environment
Knowledge of generic information security standards/programs. Understanding of basic network concepts, familiarity with TCP/IP and VLAN functionality
Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices preferred

Preferred Technical and Professional Expertise

Security+,Linux+, GREM, GCFA, GNFA, OSCP, or similar certification preferred
Experience with the common tools associated with penetration testing (Metasploit, Burp Suite, Kali etc.)
Ability to effectively code in a scripting language (Python, Perl, etc.)

International Business Machines Corporation (IBM) is an American multinational information technology company headquartered in Armonk, New York, with operations in over 170 countries. The company began in 1911, founded in Endicott, New York, as the Computing-Tabulating-Recording Company (CTR) and was renamed 'International Business Machines' in 1924.