Threat Hunter – SOC
Institute of Information Security
Job, WV
Job Code: HR1051

Location: Mumbai

Experience: 2-3 years

Job Description:
Understand the data logs available in an organization.

Help in developing security data models and metrics.

Enable effective use of the data to generate meaningful rules and reports.

Understanding of log sources such as operating systems, databases, web servers, and security and network technologies.

Responsible for normalization of logs, either by reviewing the log baseline of log sources or by recommending changes on log sources to reduce noise.

Creation of UDSMs (Universal Device Support Modules) or custom parsers for log sources that are not supported in QRadar.

Analyze logs for unknown and stored events and resolve them accordingly to ensure that no security incident is missed.

Monitoring of the EPS and FPM dashboards for violations.

In-depth understanding of security events/logs that can arise from various protection devices (IPS/WAF/DDoS/APT, etc.) and ability to derive a strategy for building use cases with the SIEM content developer.

Understand QRadar product architecture: understanding logs and log formats, identifying the appropriate information for log parsing and SIEM rule creation, and log source review.

Suggest logging levels and baseline log sources.

Evaluate and suggest new use cases.

Consume inputs from the Monitoring and IR teams for new rule development.

Responsible for fine-tuning use cases in SIEM-implemented security technologies for security effectiveness and reduced false positives.

Collate inputs from the Monitoring and Incident Response teams for new use case development.