EXPERIENCE / REQUIREMENT :-

• Proficiency in SIEM tools (Splunk, QRadar, Sentinel, etc.)
• Understanding of network protocols, malware behavior, and attack lifecycle.
• Familiarity with forensics tools and packet analysis (e.g., Wireshark).
• Ability to work with threat intelligence and apply it to real-time investigations.
• Able to standby after office hours for supporting L1 analysts as well as attending to critical incidents.

As a Cyber Security Engineer, your primary role will be, but are not limited to:

1) Incident Investigation

• Perform in-depth analysis of security alerts escalated by L1 analysts.

• Investigate suspicious activity using SIEM, EDR, NDR, firewall and other logs.Use threat intelligence to enrich investigations and identity attacker tactics (MITRE attack, IOC/IOA correlation)

2) Incident response

• Co-ordinate containment, eradication and recovery efforts for security incidents.

• Escalate critical incidents to L3 analysts or incident response teams.Participate in incident response planning and post mortems.

3) Use Case Tuning and Development

• Help improve alert fidelity by tuning existing SIEM use cases (reduce false positives).Provide feedback to engineers on detection rule effectiveness.

4) Documentation and Reporting

• Create and maintain incident reports, evidence logs, and case notes.Document playbooks or runbooks for repeatable tasks and incidents.

5) Mentoring and Collaboration

• Assist in training and guiding L1 analysts.Collaborate with IT, threat intelligence, and other security teams.