Lenovo

Experience & Skills:

• Education: Bachelor’s degree or equivalent in technology is preferred.
• Experience: Minimum of 8+ years of relevant experience in IT Infrastructure Support – various cybersecurity tools (Splunk, QRadar, ArcSight SIEM tools, SentinelOne EDR, Encryption MBAM, Carbon Black, Absolute, TrendMicro, Symantec Endpoint Security etc.) preferably with multiple client’s landscape and technology landscapes (Windows Server, Unix, Linux).
• Strong knowledge of Security Operations Center (SOC).
• Previous experience in design, implementation of enterprise security software solutions.
• Required Experience in administrating or monitoring detection/security tools: SIEM, EDR, Endpoint Protection, IPS/IDS, DLP, Cloud Security (GCP. AWS, Azure), Identity and Access Management, Firewalls and Networking
• Strong knowledge of troubleshooting, client relations, and cybersecurity principles. Ability to implement a plan to address and mitigate security vulnerabilities.
• Excellent experience in threat intelligence, network forensics.
• Experience on variety of other security devices found in a SOC environment.
• Experienced in supporting for large/medium Manage Services accounts.
• Strong knowledge in firewalls, ID/IPS, AV/EDR, Proxy, DNS, email, AD, etc.
• Solid understanding in Log formats of various security devices like Proxy, Firewall, IDS/IPS DNS,
• Understanding of network architecture.
• Understanding of current trends in attacker and threat actor tools, techniques, and procedures (TTP) and mitigation steps.
• Core understanding of possible attacks activities such as network probing/scanning, DDOS, etc.
• Hands on experience with Microsoft security technologies such as Microsoft Defender for Endpoint, Microsoft Cloud App Security and Azure Sentinel.
• Experience with digital forensics, penetration testing, threat intelligence, malware analysis or reverse engineering.
• Experience with a scripting language (Python, Bash, PowerShell, etc.).
• Relevant expert level technical certifications (Security+, CEH, CISSP, CISM, etc.)
• Strong problem-solving and analytical skills, initiative, eagerness to learn, improve, and ability to work independently within a team structure
• Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously
• Good understanding of ITIL (Information Technology Infrastructure Library) principles
• Excellent command over verbal & written English Language
• Experience with various service delivery technical tools
• Good Communication and presentation skills
• Persistent, detail oriented, able to multitask
• Ability to work for large organization in a complex and heterogeneous IT environment
• Ability to work across Geographies and multi-cultural environments.
• Experience in working with both physical and virtual teams

Job Deliverables:

• L3 level Investigation of triaged events and incidents using SIEM technologies, Endpoint Detection and Response platforms, and various cybersecurity tools.
• Support and lead security incident response in a cross-functional collaboration environment driving towards incident resolution
• Acknowledge, analyze, and validate incidents triggered from correlated events through various tool used in SOC operation.
• Design, implementation and troubleshooting of Info. Sec. solutions
• Technical support to L1 & L2 level Security tools.
• Handle Technical escalations & crisis Management.
• Lead technical transition of Cyber security technologies for new FMS customers.
• Prepare / approve the technical SOPs for Cyber security domain for managed services and implementation services.
• Escalating and getting solution from OEM Support Team
• Design, Implementation and troubleshooting of various Security tools.
• Security tool Migration - (Platform Migration / DB to DB Migration).
• Security tool upgrade & patching
• Task Automation using Scripts
• Plan and lead activities from pre to post. Create POA with all required details.
• Design, implementation & Troubleshooting of Security tool & Database Backup and restore - (Using native tools & Backup solutions)
• Security tools auditing & Performance tuning
• Responsible to mentor the L1/L2 team to build an appropriate support capability in line with the service offerings and customer technology landscape.
• Keeping up to date with technology trends and developments.
• Work closely with service delivery team and ensure the agreed KPIs with customers are met.
• Prepare the RCAs and technical analysis on time for all P1 tickets, critical issues and on need basis.
• Provide feedback on necessary improvements and process re-engineering to Technical Domain Leads.
• Identifying risks and forming contingency plans as soon as possible.
• Providing accurate and regular reports to the management on performance of the Domain Engineers
• Provides technical feedback to L2/L1 to improve individual performance and overall service delivery.
• Always ensure customer satisfaction