Intertec Systems - Technical Support Engineer - Security Operations Center (5-8 yrs)

Skills :

- SIEM TOOLS, VPN technologies, SPLUNK, IDS/IPS, SOC environment, XDR, Windows/Unix ports.

EXPERIENCE : 5-8 Years

Key Responsibilities :

RESPONSIBILITIES (INCLUDES TASKS AND AUTHORITIES) :

- Detect, identify, and promptly alert on potential attacks, intrusions, anomalous activities, and misuse, distinguishing them from benign events.

- Conduct research, analysis, and correlation across diverse data sets to identify indications and warnings of threats.

- Analyze network alerts from multiple sources and determine their root causes and potential impact.

- Provide daily summary reports of relevant network and security events.

- Notify and coordinate with managers and incident responders, clearly articulating event history, status, and potential business impact as per the incident response plan.

- Analyze and report on system security posture trends.

- Assess access controls based on the principles of least privilege and need-to-know.

- Perform vulnerability management, including scanning, analysis, and follow-up on critical vulnerabilities.

- Lead and participate in incident response activities, including root cause analysis and remediation recommendations.

- Develop, review, and maintain SIEM correlation rules and incident response playbooks.

- Provide mentorship and guidance to L1 SOC analysts, reviewing and escalating tickets as needed.

- Stay current with emerging threats, vulnerabilities, and regulatory security requirements.

Required Skills & Experience :

- 2 to 4 years of experience in a SOC environment, with at least 1 year in a Level 2 (L2) role.

- Proficiency in Splunk SIEM: log analysis, rule creation, dashboarding, and incident investigation1.

- Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms.

- Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies.

- Ability to perform packet-level analysis using tools such as Wireshark or tcpdump.

- Experience in malware analysis, digital forensics, and threat intelligence platforms1.

- Familiarity with authentication, authorization, and access control methods.

- Strong understanding of incident response and handling methodologies.

- Experience interpreting data from network tools (e.g., nslookup, ping, traceroute).

- Knowledge of Windows/Unix ports, services, and operating system command-line tools.

- Understanding of key security management concepts (e.g., patch management, release management).

- Excellent analytical, problem-solving, and communication skills.

- Experience in documenting and reporting security incidents and trends.

CERTIFICATIONS(Any Three) :

- Relevant certifications such as SPLUNK, Certified SOC Analyst (CSA) , CompTIA Security+.

Technical Skills /Competencies :

MANDATORY :

- SIEM tools (e.g., Splunk, QRadar).

- Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).

- Firewall and VPN technologies.

- Threat intelligence platforms & Endpoint detection and response tools.

- Hands-on experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms.

- Strong knowledge of network security protocols, intrusion detection/prevention systems (IDS/IPS), and firewall/VPN technologies.