Job Summary
Responsibility of this position to secure and identify cybersecurity threats for Garrett IT and Plant networks. Position is responsible to follow SOC Incident management process. Investigate and triage security events for cybersecurity intrusions, data exfiltration and other cybersecurity incidents in the organization. Constantly understand threat intelligence sources and create detection and prevention controls to alert and mitigate the threats. Constantly update the event sources to provide comprehensive coverage of detection and preventive controls. Prioritize detection and response plan based on the impact to Garrett assets people, data assets, finance, and brand image.
Key Job Areas of Responsibilities
Want more jobs like this?
Get jobs in Bangalore, India delivered to your inbox every week.
1.SOC Operations
- Automate SOC monitoring and resolution for incidents reported.
- Finetuning SIEM platform and use cases development to address emerging threats.
- Co-ordinate with MSSP partner for key initiatives, enable and provide requirements and support delivery of projects.
- Deploy robust incident response, forensics, and threat intelligence processes.
- Lead the delivery of incident management system enhancements and modifications.
- Drive process improvements assisting to identify opportunities for positive change, improving SOC's overall detection and response capabilities.
2. Threat Intelligence & Hunting
- Gather threat intelligence from the industry and discern the applicable threats for our landscape.
- Investigate the network systems or endpoints to identify threat patterns or indicate compromise and analyse the threat.
- Coordinate with the IT and Plant IT team to resolve the cyber threats and prevent the same attack from recurring.
- Analysing and detecting cyber threats that affect business operations using threat intelligence.
- Monitoring the security patterns to identify, isolate, and detect the threats before attackers tend to exploit them.
- Planning, creating, and implementing security solutions for the organization.
3. Incident Response
- Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
- Track security incident related KPIs and metrics and assist with reporting on those metrics to senior management.
- Define & Implement technology roadmap to mitigate threats across Endpoints & Network
Education / Qualifications
Bachelor's degree in information technology or related discipline
Experience Required
- Overall 10+ years of relevant IT / Cyber Security experience.
- Minimum 5+ years of technology experience in SOC including SIEM, End Point Detection & Response, Network Detection & Response, IDP and IDS, Email Security, SOC Operations and Incident Management.
- Demonstrated proficiency with the IT Security Common Body of Knowledge required for enabling security concepts on varied technology.
Key Skills and Knowledge
- Expertise and demonstrated experience in SOC Incident management, SIEM, Endpoint security (EDR, Antivirus, etc), Network Security (Firewalls, Proxy, etc),
- Communicating effectively in writing as appropriate for the needs of the audience
- Abreast of security vulnerabilities and continually keep up to date on the latest security best practices and technologies.
- Good exposure to threat intelligence
- Strong knowledge of cryptography as it relates to computer and network security as well as file and email encryption required
- Strong, demonstrated project management skills
- A self-starter, with limited supervision & be able to work effectively in a global diverse environment.
- Review the security requirements, draft Threat Modelling
- Maintains knowledge of Cyber security threats and risks, and constantly monitors and evolves system security posture to mitigate