Position Details: SOC System Administration
Job title: SOC System Administration
Experience: Minimum 5 Years
No. of position: 3
Employment Type: 3rd party payroll (Indovision Services Pvt. Ltd.)
Client: Kyndryl Solution Pvt. Ltd.
*** Need candidate who can join in 15 days ***
- Resource Qualifications: B. Tech / B.E. or equivalent Degree or above in the field of CS/IT
- Resource Experience: Min 3 Years in SIEM implementation and administration/management
Administration and maintenance of SOC Infra/Systems deployed in the Bank. The Systems include:
1) QRadar Devices/Servers ~ 25 Physical Machines + 43 VMs (required till phasing-out)
2) Securonix Devices/Servers ~ 70 nos.
3) Threat Intelligence Platform (TIP) Devices/Servers ~ 26 VMs
- Daily Checklist/Dashboard for SOC Systems/Infra Health Monitoring (CPU utilization, memory utilization, HDD space, TI feed status, etc.).
- Publish SIEM EPS Consumption Dashboard (Weekly). Also suggest best practices for reducing EPS consumption, wherever possible.
- Perform health and availability monitoring of the Systems, act on notifications, and resolve the reported errors.
- Validate that configuration backups and log archival complete successfully, as per Bank policies.
- Notify the Bank's senior stakeholders in case any critical feed, process or service goes down from a CSOC perspective.
- Work on automation requirements through APIs. (Integrate SIEM, CA Service Desk, XSOAR, TIP etc.).
- Rules management (Development, testing and change management) and baseline review for SIEM log sources.
- Integrate supported/unsupported log sources in SIEM, in coordination with the application team/server team. Develop custom parsers for new custom applications and security devices to collect and analyse logs that the SIEM does not support by default.
- Update Content/Reference Sets on a daily basis, as received from the authorized TI sources.
- Integration of new Threat Intelligence Feed Sources.
- Perform SIEM version & patch upgrades and perform required prechecks before initiating.
- Performance optimization, i.e. reduce Stored/Unknown events, log baseline review of high-EPS log sources, index management for frequently searched attributes, review of QID mapping for custom parsers, review and improvement of incomplete accumulations, Custom Event Properties optimization, custom rules tuning, WinCollect profile fine-tuning.
- Troubleshooting of non-logging cases and coordination with the relevant stakeholders for resolution.
- Deletion/clean-up/disabling of unused integrated devices after a duly approved CR/Call ID.
- Provide audit evidence whenever required, after taking approval from the Bank team.
- Run vulnerability scans (using QVM) to collect vulnerability information for Bank assets, and run discovery scans to find rogue assets.
- Follow the approved Change/Release process for changes to the infrastructure. Prepare a plan of action and roll-back plan for all activities.
- Periodic health checks (Quarterly) & prepare report along with remediation for all the findings.
- User Access Management Activity (Monthly)/ User dormancy report creation.
- Preparation of MBSS Document (Yearly).
- Preparation of Capacity Management Document (Quarterly).
- Prepare non-logging bucketing report (Quarterly).
- Network Hierarchy updating (biannually).
- Preparation and review of the SOC infrastructure diagram (biannually) and update of the SOC Infra server inventory (biannually).
- Raise tickets with the respective OEM for issues observed in SOC infrastructure (hardware and software): provide all details of the issue, upload logs requested by the support team, and follow up with the support team until the tickets are closed.
- Manage/track/respond to Call IDs raised by various teams (troubleshooting incidents, Reference Set updates, informational requests, integrations, etc.) and make sure they are closed without SLA breach.