SOC- SIEM (Splunk) I Consultant
Deloitte Consulting
Posted on: March 01, 2026
Experience: 2.5 years - 7 years
Key Responsibilities
• Conduct deeper analysis of security events and alerts generated by Splunk & EDR, correlating data across various sources to identify potential security threats.
• Perform advanced triage, classification, and root cause analysis of escalated security incidents.
• Utilize the Splunk & EDR platforms to investigate complex security events, identifying patterns and relationships in logs that indicate potentially malicious activity.
Incident Escalation and Resolution
• Escalate high-priority and complex security incidents and work closely with the Level 3 team to get expertise and guidance.
• Engage with incident response teams to perform deeper forensic analysis and assist with the containment, mitigation, and recovery phases of security incidents.
• Document and communicate incident findings, ensuring a clear and concise record of the investigation and resolution process.
Collaboration and Knowledge Sharing
• Collaborate with the L1 analysts, L2 peer team, senior engineers, and other stakeholders in the security operations lifecycle to ensure smooth and effective incident handling.
• Participate in security operations meetings, helping to continuously refine and improve processes.
Reporting and Compliance
• Assist in generating reports for security incident analysis, compliance audits, and management reviews.
• Support internal and external audits, providing data, logs, and documentation as needed.
• Help track security metrics and performance indicators to support security operations reporting.
Continuous Improvement and Research
• Stay updated on the latest trends in cybersecurity threats, vulnerabilities, and defense mechanisms to enhance the team's capabilities.
• Suggest improvements to the security monitoring processes and help implement new detection technologies and methodologies.
Desired qualifications
• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
• Minimum of 4-6 years of experience in cybersecurity, IT security operations, or incident response.
• Prior experience in a Security Operations Center (SOC) or handling security incidents in an enterprise environment.
• Experience with security monitoring, SIEM platform tuning, and threat detection engineering.
Technical Skills
• Advanced proficiency with Splunk & EDR platforms.
• In-depth understanding of network protocols (TCP/IP, DNS, HTTP, etc.), security devices (firewalls, IDS/IPS, etc.), and endpoint security technologies (EDR, antivirus, etc.).
• Hands-on experience with log analysis, data correlation, and incident investigation.
• Familiarity with threat intelligence tools, data sources, and feeds.
• Strong understanding of security frameworks, including MITRE ATT&CK, NIST, and OWASP.
Preferred Certifications
• CompTIA Security+, CEH or similar certifications.
• Splunk, EDR Certified Security Engineer or other relevant certifications.
Location and way of working
Base location: Hyderabad
The professional is required to work from the office.
About Company
Deloitte Consulting
Telangana, IN
https://www.deloitte.com