Technical Specialist – MS, SOC - L3

NTT Group

Hyderabad, India
Education
Benefits
Apply
1,000+ Similar Jobs

Want to be a part of our team?

Provides technical support to field engineers, technicians, and product support personnel who are diagnosing, troubleshooting, repairing, and debugging complex electro/mechanical equipment, computer systems, complex software, or networked and/or wireless systems.

Responds to situations where first-line product support has failed to isolate or fix problems in malfunctioning equipment or software. Reports design, reliability, and maintenance problems or bugs to design engineering/software engineering. May be involved in customer installation and training.

Provides support to customers/users where the product is highly technical or sophisticated in nature.

Working at NTT

The SOC L3 is responsible for providing service to clients by proactively identifying and resolving technical incidents and problems. Through preemptive service incident and resolution activities, as well as product reviews, operational improvements, operational practices, and quality assurance this role will maintain a high level of service to clients. Their primary objective is to ensure zero missed service level agreement (SLA) conditions. The SOC L3 is responsible for managing tickets of low to high complexity.

Key Roles and Responsibilities:

NG SIEM (SIEM+SOAR+UEBA) Tool Overall Administration,

Management, Backup & Archival, Troubleshooting

  • Upgrade/Update/Patching of NG SIEM Solution
  • Monitor NG SIEM Console & Dashboards and provide response &

support to remote SOC team for Incidents.

  • Support the day to day operation of deployed NG SIEM.
  • Perform initial analysis for known issues and provide the

appropriate recommendations for closure.

  • Monitor & Reporting of system components health and take

necessary action in case of any observed issue.

  • Provide notification and communication with Incident

management and respective application team upon threat

detection.

  • Perform analysis on the reported incidents, determine the root

cause, and recommend the appropriate solution.

  • Integration of NG SIEM with IS infrastructure (Existing/Future) but

not limited to like IPS, WAF, Patch Management, Firewall, Anti-APT

solution, Antivirus, EDR, AD, ERP, DLP, VMT, Exchange, SharePoint,

Network Devices, Web Services, Custom applications etc. & also on

respective version upgrade(s)

  • Develop appropriate use cases/playbooks/models/reports and

alerts & develop custom parsers/connectors for integrating logs

wherever necessary or required.

  • Integration of SIEM/SOAR/UEBA Tool with security/non-security

solutions based on requirement & architecture and develop/modify

appropriate use cases/rules, playbooks/models, reports and alerts.

Use and apply learnings from incident and provide

recommendation for standardizing the NG SIEM Solution.

  • Reduction of False Positives by fine tuning existing correlation

rules/configuration/playbooks/models

  • Automation with continuous improvements, Reduction in MTTR,

MTTD

  • Develop and implement processes for interfacing with operational

teams and other supporting teams.

  • Ensure the NG SIEM integration is intact among the Client SOC

solutions, other assets

  • Design, create and customize the dashboards as per the client

requirements.

  • Ensure the necessary client SOC documents like operating

procedures, configuration management, Low Level Design etc. are

up to date with the changes made in their respective areas.

  • Automating Day to Day Tasks related with NG SIEM Operations (but

not limited to)

  • Above is illustrative list of general activities. All Technology specific

activities Related to NG SIEM to be carried out.

  • Use and apply learnings from incident and provide

recommendation for standardizing the NGSIEM Solution.

  • Ensure the SIEM integration is intact among the SOC

solutions, other assets

  • Design, create and customize the dashboards/reports as per the

client requirements.

  • Support on boarding and maintenance of a wide variety of data

sources to include various OS, appliance, and application logs.

Create Custom queries, custom dashboards, and visualizations

  • Create and manage NG SIEM knowledge objects to include apps,

dashboards, saved and scheduled searches and alerts.

  • Support access requests and modifications and permissions
  • Support troubleshooting and remediation of issues as they arise

with data ingestion and NG SIEM infrastructure

  • Work on Improvement of overall posture of NG SIEM deployment

to achieve Best return on investment.

  • Monitor & report on cyber threats and suggest any changes needed

to protect the organization in SIEM, Leading End-to-End

Implementation of the suggested changes.

  • Should have a very good understanding on MITRE attack & NIST

framework.

Threat Hunting Requirements

1. Use algorithms and tools to actively hunt of attacks in large volume

of data and create alerts that are passed on to analysts.

2. Define, develop, implement, update and maintain Hunting

Framework which contains: Create Strategic Hunt Missions which

are objective based to identify malicious activity that has not

triggered an alert. Search for Indicators of Compromise received

from Threat Intelligence and Analytics

3. Create knowledge base of IOCs

4. The service should able to detect threats from various attacks

vectors such as malware, web application attacks, network attacks,

watering hole attacks, DNS attacks, insider threat, and data

exfiltration but not limited to. List the detection use cases which can

detect above attacks using pre-built machine learning techniques

and analytical models.

5. Analytics using machine learning techniques should use multiple

sources to identify malicious activity. A minimum the following

sources should be used but not limited to:

IPS/IDS, Proxy, FW, WAF, Anti APT, EDR, AV, Internet/Mail gateway,

Windows & Linux logs, DNS.

6. Bidder should have analytical models to detect different stages of

Cyber Kill chain.

7. Network Threat Hunting should leverage existing network sources

for better detection of advanced attacks. Network sources should

include Net flow, Proxy, DNS, IPS, VPN, Firewall, WAF,

AD/Windows, Email logs etc.

8. Network threat hunting should use AI on network sources and

enable hunting for attacks including but not limited to Lateral

Movement, Malware Beaconing, Data Exfiltration, Watering Hole,

Targeted network attacks, Dynamic DNS attacks

9. The service must be capable of identifying suspicious or hitherto

undiscovered communication patterns to uncover hidden,

advanced threats missed by automated, preventative and detective

controls & detect suspicious trends. Service must support detection

of newly discovered pattern in future.

10. The service should identify network traffic from potentially risky

applications (e.g. file sharing, peer-to-peer, etc.)

What will make you a good fit for the role?

Equal Opportunity Employer

NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category

Read Full Description
Apply
Jobs at NTT Group
Similar Jobs
Confirmed 6 hours ago. Posted 30+ days ago.

Discover Similar Jobs

Suggested Articles

The Joy of B-Corps
What is a Unicorn Startup?
Leaving Consulting: The Why, When, How and What For?
Managing a Software Career
Leaving Banking: The Why, When, and How
Write a Resume Like Leonardo Da Vinci