Want to be a part of our team?
Provides technical support to field engineers, technicians, and product support personnel who are diagnosing, troubleshooting, repairing, and debugging complex electro/mechanical equipment, computer systems, complex software, or networked and/or wireless systems.
Responds to situations where first-line product support has failed to isolate or fix problems in malfunctioning equipment or software. Reports design, reliability, and maintenance problems or bugs to design engineering/software engineering. May be involved in customer installation and training.
Provides support to customers/users where the product is highly technical or sophisticated in nature.
Working at NTT
The SOC L3 is responsible for providing service to clients by proactively identifying and resolving technical incidents and problems. Through preemptive service incident and resolution activities, as well as product reviews, operational improvements, operational practices, and quality assurance, this role will maintain a high level of service to clients. Their primary objective is to ensure zero missed service level agreement (SLA) conditions. The SOC L3 is responsible for managing tickets of low to high complexity.
Key Roles and Responsibilities:
NG SIEM (SIEM+SOAR+UEBA) Tool Overall Administration, Management, Backup & Archival, Troubleshooting
support to remote SOC team for Incidents.
appropriate recommendations for closure.
necessary action in case of any observed issue.
management and respective application team upon threat detection.
cause, and recommend the appropriate solution.
not limited to like IPS, WAF, Patch Management, Firewall, Anti-APT solution, Antivirus, EDR, AD, ERP, DLP, VMT, Exchange, SharePoint, Network Devices, Web Services, Custom applications etc. & also on respective version upgrade(s)
alerts & develop custom parsers/connectors for integrating logs wherever necessary or required.
solutions based on requirement & architecture and develop/modify appropriate use cases/rules, playbooks/models, reports and alerts.
Use and apply learnings from incident and provide recommendation for standardizing the NG SIEM Solution.
rules/configuration/playbooks/models
MTTD
teams and other supporting teams.
solutions, other assets
requirements.
procedures, configuration management, Low Level Design etc. are up to date with the changes made in their respective areas.
not limited to)
activities Related to NG SIEM to be carried out.
recommendation for standardizing the NGSIEM Solution.
solutions, other assets
client requirements.
sources to include various OS, appliance, and application logs.
Create Custom queries, custom dashboards, and visualizations
dashboards, saved and scheduled searches and alerts.
with data ingestion and NG SIEM infrastructure
to achieve Best return on investment.
to protect the organization in SIEM, Leading End-to-End Implementation of the suggested changes.
framework.
Threat Hunting Requirements
1. Use algorithms and tools to actively hunt for attacks in large volumes of data and create alerts that are passed on to analysts.
2. Define, develop, implement, update and maintain a Hunting Framework which contains: creating Strategic Hunt Missions, which are objective based, to identify malicious activity that has not triggered an alert; and searching for Indicators of Compromise received from Threat Intelligence and Analytics.
3. Create a knowledge base of IOCs.
4. The service should be able to detect threats from various attack vectors such as, but not limited to, malware, web application attacks, network attacks, watering hole attacks, DNS attacks, insider threat, and data exfiltration. List the detection use cases which can detect the above attacks using pre-built machine learning techniques and analytical models.
5. Analytics using machine learning techniques should use multiple sources to identify malicious activity. At a minimum the following sources should be used, but not limited to: IPS/IDS, Proxy, FW, WAF, Anti APT, EDR, AV, Internet/Mail gateway, Windows & Linux logs, DNS.
6. Bidder should have analytical models to detect different stages of the Cyber Kill Chain.
7. Network Threat Hunting should leverage existing network sources for better detection of advanced attacks. Network sources should include NetFlow, Proxy, DNS, IPS, VPN, Firewall, WAF, AD/Windows, Email logs etc.
8. Network threat hunting should use AI on network sources and enable hunting for attacks including but not limited to Lateral Movement, Malware Beaconing, Data Exfiltration, Watering Hole, Targeted network attacks, Dynamic DNS attacks.
9. The service must be capable of identifying suspicious or hitherto undiscovered communication patterns to uncover hidden, advanced threats missed by automated, preventative and detective controls, and of detecting suspicious trends. The service must support detection of newly discovered patterns in the future.
10. The service should identify network traffic from potentially risky applications (e.g. file sharing, peer-to-peer, etc.).
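As an added illustration of the Malware Beaconing hunt named in item 8 (example code written for this page, not part of the posting or of NTT's tooling): it scores each source/destination pair in a few constructed proxy log lines by how clock-like its inter-arrival gaps are, and flags pairs with many hits and low variance. The three-column log format, the ISO timestamps, and the `min_hits`/`max_cv` thresholds are assumptions.

```python
"""Beacon-interval hunt over constructed proxy log lines (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample (assumed format: timestamp src dst). Host 10.0.0.5 calls
# back roughly every 60 s with small jitter; host 10.0.0.9 browses irregularly.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 198.51.100.7
2024-05-01T10:01:01 10.0.0.5 198.51.100.7
2024-05-01T10:01:59 10.0.0.5 198.51.100.7
2024-05-01T10:03:00 10.0.0.5 198.51.100.7
2024-05-01T10:04:02 10.0.0.5 198.51.100.7
2024-05-01T10:04:58 10.0.0.5 198.51.100.7
2024-05-01T10:00:10 10.0.0.9 203.0.113.20
2024-05-01T10:00:12 10.0.0.9 203.0.113.20
2024-05-01T10:07:40 10.0.0.9 203.0.113.20
2024-05-01T10:25:03 10.0.0.9 203.0.113.20
2024-05-01T10:26:00 10.0.0.9 203.0.113.20
2024-05-01T10:59:31 10.0.0.9 203.0.113.20
"""

def parse(log):
    """Group request timestamps by (src, dst) pair."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows

def beacon_score(times):
    """Return (hit count, mean gap in seconds, coefficient of variation).
    CV = stddev/mean of the inter-arrival gaps; near 0 means clock-like."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return len(times), None, None   # too few requests to judge regularity
    m = mean(gaps)
    return len(times), m, (pstdev(gaps) / m if m else None)

def find_beacons(log, min_hits=5, max_cv=0.2):
    """Flag pairs with at least min_hits requests and gap CV <= max_cv (assumed thresholds)."""
    hits = []
    for (src, dst), times in parse(log).items():
        n, m, cv = beacon_score(times)
        if n >= min_hits and cv is not None and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "hits": n,
                         "interval_s": round(m, 1), "cv": round(cv, 3)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Sleep-jitter in real implants widens the CV, so production hunts pair this with longer windows and destination reputation rather than relying on one fixed cutoff.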
What will make you a good fit for the role?
Equal Opportunity Employer
NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category