
Infosec-Admin (RARR Job 5569)

For International Trade And Development Company
5 - 8 Years
Full Time
Up to 15 Days
Up to 20 LPA
1 Position(s)
Mumbai
Posted / Updated: Today

Job Description

EDUCATIONAL QUALIFICATIONS

  • B. Tech / B.E. / MCA - Any Specialization


EXPERIENCE (Mandatory)

  • Around 3-5 years managing InfoSec operations, with sound technical knowledge across information security domains


Skills Required
Candidates should have the following skills:

  1. Sound knowledge of the platforms and operational processes involved in running InfoSec Operations.

  2. Good understanding of core EDR platform with threat hunting capabilities.

  3. Good understanding of Firewall, EDR, WAF & DNS technologies.

  4. Experience in handling a team of Analysts to run InfoSec Operations.


Job Responsibilities

1. EDR Management:

  • Lifecycle management of the EDR agent on servers hosted in the Corporate IT datacenter (installation, uninstallation, troubleshooting, compliance).

  • Investigation and remediation of identified incidents (after noise has been excluded).

  • Monthly reporting to Corporate IT on EDR health and open issues.

  • Vendor support coordination as needed.

  • USB access request handling.

2. Vulnerability Management:

  • Performing vulnerability assessment (VA) scans using the tool designated by CIT.

  • Assessing findings and presenting reports on request.

  • Remediation of findings in coordination with the application owner.

  • Quarterly VA scans for critical DC infra & report preparation.

  • Importing scan results from the VA tool into the GRC tool and assigning assets to the respective stakeholders.

  • Tracking vulnerabilities and managing false positives in the GRC tool.

  • Generate reports as per requirement.

  • Ensuring every new server and network device is VA-scanned before go-live, as per process.

  • Maintenance of VA Tool.

  • Vendor support coordination as needed.

3. Deep Discovery Administration:

  • Daily monitoring of malicious events.

  • Identifying infected machines and coordinating with the local IT contact to collect the required logs using the ATTK tool.

  • Uploading the collected logs to the Trend Micro portal and working through the resulting action items.

  • Monitoring malicious SMTP traffic on Deep Discovery and verifying that it is being dropped at the anti-spam gateway.

4. Deep Security Administration:

  • Installing the agent on the critical servers identified by L&T CIT.

  • Running the recommendation scan for the IPS engine and applying the resulting rules.

  • Verifying that applications on the respective servers are not affected by Deep Security rules.

5. Network IDS:

  • Monitoring the network for potentially critical incidents.

  • Tuning out noise to eliminate false positives.

  • Taking corrective action as needed to remediate identified incidents.

  • Vendor support coordination as needed.

6. Firewall Optimization & Review:

  • Periodic review of rules in the firewalls managed by CIT.

  • Recommending rule changes and optimizations as needed.

  • Maintenance of the firewall review tool.

  • Vendor support coordination as needed.

7. Web Application Firewall:

  • Onboarding / offboarding applications on the cloud WAF on request.

  • Creating and enforcing policies appropriate to each application.

  • Vendor support coordination as needed.

8. Privileged Access Management (PAM):

  • Allocation / deallocation of users in the PAM tool.

  • Mapping servers within PAM to control access.

  • Review of alerts and overall usage of PAM.

  • Maintenance of the PAM tools.

  • Reporting exceptions and overall statistics to CIT.

  • Vendor support coordination as needed.

9. Deception Monitoring:

  • Monitoring exceptions and alerts raised by the deception tool.

  • Remediation of significant incidents identified.

  • Vendor support coordination as needed.


Soft Skills

  1. Good communication skills (verbal / written).

  2. Should be a self-starter and self-motivated.

  3. Should be able to lead a team of 2-3 analysts in running operations.


CERTIFICATIONS (Optional)

  • Security certifications such as CompTIA Security+, ISC2 Certified in Cybersecurity (CC), EC-Council Certified Ethical Hacker (CEH), or GIAC Security Essentials (GSEC).