SOAR Lead

JOB DESCRIPTION

• Integrate respective solution / technology with every other solution / technology deployed in the GCSOC setup.
• Automation of all L1 & L2 activities within first year.
• Migration of data & logs from currently running SOC to new GCSOC.
• Collaborate closely with Technical Account Manager (TAM) and engineering division of the respective OEM for early resolution to the product level cases, vulnerabilities, bugs, features enhancement, patches, versions etc.
• Single point of contact to the Clientʼs stakeholders with respective OEM.
• Maintain the suitable architecture of the technology solution.
• Perform threat modelling of the Clientʼs assets and accordingly define the necessary use cases - Execute Major changes without any disruption and adverse impact.
• Continuously deliver the value of solution to the Clent’s terms of detecting all kind threats, accuracy of detection, value added use cases and content development etc.
• Improvise threat hunting capabilities of the technology.
• Continuous development of analytical, statistical, mathematical models leveraging AI/ML capabilities of the technology to threat detection and prediction capabilities and put in place advanced use cases.
• Continuous fine tuning of configuration, rules, policies etc.
• Continuous innovation and automations in intuitive dashboards, report, queries.
• Optimization of response time to fetch data, logs in advanced queries, reports, dashboards etc. Closely collaborate with onsite team of bidder and other GCSOC OEMs to leverage each technologyʼs capabilities to develop inter-GCSOC and inter.
• IT Infrastructure technologies& services, logs, data ingestion, correlation, alerting etc. and automation.
• Ensure logs ingestion from SBDL automation of incident, vulnerability etc. remediation through SOAR - Threat Intel feed analysis, provide appropriate recommendations, define use cases to detect the threats according to the information provided in Threat intel.
• Troubleshooting the technology level issues to ensure uptime, health, efficiency and optimal utilization of the technology without WebEx / RDP / SSH / remote system level support from offsite subject matter experts.
• Close the vulnerabilities, apply security & enhancement patches, upgrade versions.
• Ensure DC & DR setups are in sync on real-time basis in every manner.
• Participate in DR, cyber, tabletop drills etc.
• Responsible for ensuring end to end tight integration of the Clientʼs IT Assets, other GCSOC solutions, Applications etc.
• Provide management report on respective solutions effectiveness.
• Provide necessary support during the Forensics investigation and threat hunting.
• Perform continuous assessment of respective solution maturity against global standards and fine tune the configuration parameters, technical policies, rules, algorithms accordingly.
• Prepare road map for product maturity and enhancements plan and ensure the recommended featured deliver within the agreed times.
• Provide on the job training to the officials of the Client’s and bidder through structured and unstructured methods. Assess job knowledge of officials.
• Participate in meetings, discussions etc. to provide technology specific perspective. Make presentations on the current technology capabilities, use cases, automation done etc. and current and future enhancements / roadmap etc.
• Above is illustrative list of general activities.
• Technology specific activities shall be arrived at in consultation with the Project Manager of the bidder and / or TAM of respective OEM.

EXPERTISE AND QUALIFICATIONS

Should have working experience on

1. SOAR integration

2. SOAR playbook creation.

3. Cyware SOAR