SOC L2 (Splunk/Qradar)

Skills :- Splunk /Qradar

- Configuration ,Implementation/Administration and Monitor Console & Dashboards and provide response to the reported incidents

- Monitor SIEM tool health and perform rules fine tuning

- Perform initial analysis for known issues and provide the appropriate recommendations for closure.

- Monitor & Reporting of system components health and take necessary action in case of any observed issue.

- Provide notification and communication with Incident management and respective application team upon threat detection.

- Incident closure coordination and follow up with resolution team and other SOC solution teams.

- Monitoring and coordination of SOC standard activities like backup, patching, basic installation of agents (if applicable) etc.

- Daily report preparation on number of incidents detected, closed, in progresses, open security issues

- Maintain post incident documentation about all the actions taken, root cause, controls implemented.

- Above is an illustrative list of general activities. Technology specific activities shall be arrived at in consultation with the Project Manager L1 & L2 resource