Job Description :
Job Title: SOC Analyst
Location: Atlanta, Georgia
Duration: 6+ Months

MUST HAVE SKILLS FOR THIS PROJECT:
- Symantec Endpoint Protection
- Symantec Advanced Threat Protection
- Splunk SIEM

Responsibilities:
- Handle escalations and work as an L3 analyst for remediation of security incidents.
- Participate in incident response and investigation of suspected information technology security misuse, and provide recommendations to clients on global threats (e.g. WannaCry, Petya, NotPetya, Bad Rabbit, zero-day vulnerabilities).
- Write complex use cases configured for different sophisticated attacks such as DNS reconnaissance, phishing, spearphishing, APT, lateral movement, browser compromise and DNS amplification.
- Event analysis, attack identification, investigation and correlation, and implementation of mitigation measures.
- Identify adversarial activity and methods for future detection and prevention.
- Use a combination of open-source research of exploits or vulnerabilities (including zero-day), network flow, log review, event correlation and PCAP analysis to complete investigations.
- Deep investigation of potential attacks and potentially compromised systems.
- Forensic analysis of network traffic or Windows hosts.
- Lead or participate in the incident response process.
- Provide recommendations and implement changes to optimize Splunk detection capabilities.
- Generate required SOC reports and metrics.
- Hands-on Splunk experience with SOC L2 and L3 activities is required.
- Refine all L2 tickets.
- Review all SOPs in a timely manner.
- Fine-tune Splunk correlation rules.
- Check the quality of tickets closed by the L2 team.
- Knowledge of Sentinel is an added advantage.
- The resource should be ready to work outside regular office hours to manage critical incidents.
Requirements / Qualifications:
- 6+ years of work experience, with a minimum of 4 years of experience in a SOC.
- Hands-on experience with incident analysis and a deep understanding of Windows internals.
- Ability to develop remediation plans based on organizational needs and priorities.
- Excellent understanding of the Splunk SIEM console.
- Good understanding of networking and network security technologies (IDS, firewall).
- Ability to maintain working relationships with diverse stakeholders.
- Excellent written and oral communication skills.
- Experience in developing content/use cases for Splunk monitoring, and a relevant Splunk certification.
- Demonstrated skill in troubleshooting: ability to provide resolutions and/or workarounds to complex problems, and to provide guidance and support for Tier 1/Tier 2 security analysts.
- Security certifications such as CEH or CISSP are preferred.

Thanks and Regards
Harish Reddy