What are the responsibilities and job description for the SOC Lead with ArcSight and Sentinel position at LTIMindtree?
About Us:
LTIMindtree is a global technology consulting and digital solutions company that enables enterprises across industries to reimagine business models, accelerate innovation, and maximize growth by harnessing digital technologies. As a digital transformation partner to more than 700 clients, LTIMindtree brings extensive domain and technology expertise to help drive superior competitive differentiation, customer experiences, and business outcomes in a converging world. Powered by nearly 90,000 talented and entrepreneurial professionals across more than 30 countries, LTIMindtree — a Larsen & Toubro Group company — combines the industry-acclaimed strengths of erstwhile Larsen and Toubro Infotech and Mindtree in solving the most complex business challenges and delivering transformation at scale. For more information, please visit www.ltimindtree.com
SOC Lead with ArcSight and Sentinel
Erlanger, Kentucky
Candidates must have a minimum of 8 years of experience in Security Operations and Incident Response, with proficiency in tools like ArcSight and Sentinel.
The role involves incident triage, threat management, coordination with stakeholders, and support for the Security Operations Centre (SOC) during incident response and threat hunting. Responsibilities include the following:
- Deliver world-class incident response services, managing customer engagements from initial incident scoping to final reporting, and driving investigations through the entire IR lifecycle.
- Coordinate and guide SOC Analysts during major investigations.
- Support proactive threat hunting and conduct threat emulation activities as part of the LTIMindtree Detection & Response capability, helping clients assess their ability to respond to major threats using their existing tools.
- Advise clients on security best practices and strategies for mitigating attacks through enterprise security controls.
- Capture and apply knowledge of the latest attacker methodologies to improve response efforts.
- Ensure SLA compliance, process adherence and continuous process improvement to achieve operational objectives.
- Revise and develop processes to strengthen the current Security Operations Framework; review policies and highlight the challenges in meeting the SLAs agreed with the customer.
- Prepare and practice IR plans, perform tabletop exercises, etc.
- Responsible for team and vendor management, overall use of resources, and initiation of corrective action where required for the Security Operations Centre.
- Perform threat management, threat modelling, identify threat vectors and review use cases for security monitoring
- Responsible for integration review of standard and non-standard logs in SIEM
- Submission of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
- Coordinate with stakeholders and build and maintain positive working relationships with them.
- Provide support to the Security Operations Center (SOC) during incident response, event monitoring, and threat hunting activities. Responsibilities include cyber threat analysis support, research, recommending appropriate remediation and mitigation.
- Incident & Problem Management – Monitoring, Validation, Analysis, Triage, Escalation, Response and Resolution
- Knowledge of SIEM and log source integration
- Use case fine-tuning and new use case creation
- Cyber threat analysis support, research and recommend appropriate remediation and mitigation
- Trending and correlation of monitored events to build new Indicators of Compromise (IOC), attack attribution and helping establish countermeasures increasing cyber resiliency
- Identification of advanced cyber threat activities, Endpoint Detection & Response, intrusion detection, incident response, malware analysis, and security content development (e.g., signatures, rules etc.); and cyber threat
- Excellent verbal and written communication skills, with the ability to clearly convey investigation findings and remediation steps to both technical and non-technical audiences, including executives and legal teams.
- Proficient in one or more of the following languages to support cyber threat detection or reporting: PowerShell, Bash, Python, or Visual Basic. Security API implementations can be considered as well.
- Candidate must have a deep understanding of several of the following fields: Email security (including PDF and Document analysis), digital media forensics, monitoring and detection, incident response, vulnerability assessment, penetration testing, cyber intelligence analysis and network analysis
- Deep understanding of either the Lockheed Martin Cyber Kill Chain or the MITRE ATT&CK framework (MITRE ATT&CK preferred)
- Familiarity with security industry standards (NIST 800 series, GDPR, etc.)
- Solid analytical and problem-solving skills, with the ability to identify and mitigate data security risks.
- Excellent communication skills, with the ability to work cross-functionally with IT, legal, and business stakeholders.
- Knowledge of threat intelligence platforms and advanced persistent threats (APT).
- Strong technical expertise in at least two of the following areas:
- Host forensics (Windows / Mac / Linux)
- Network traffic analysis
- Log review
- Malware triage
- Cloud technologies
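The posting asks for "use case fine-tuning and new use case creation" and for Python (or PowerShell/Bash) to support detection. The block below is an added illustration of what that work looks like in practice; it is not LTIMindtree code and not a Sentinel or ArcSight rule. It models one common SIEM use case, a burst of failed logons from a single source followed by a successful logon from the same source, as a Python correlation over a constructed set of Windows Security events (event IDs 4625 = failed logon, 4624 = successful logon). The sample events, the IP addresses, the host name and the `KNOWN_SCANNERS` allowlist are all constructed for the example. The three tuning knobs a SOC lead normally adjusts during fine-tuning (threshold, time window and allowlist) are explicit parameters; in Sentinel the same logic would be expressed as a KQL analytics rule over `SecurityEvent`.

```python
"""Added example: a failed-then-successful-logon correlation use case with tuning knobs.

Not part of the job posting or any vendor product; the events below are constructed.
"""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

FAILED_LOGON = 4625    # Windows Security event: an account failed to log on
SUCCESS_LOGON = 4624   # Windows Security event: an account was successfully logged on


@dataclass(frozen=True)
class LogonEvent:
    ts: datetime
    event_id: int
    src_ip: str
    user: str
    host: str


T0 = datetime(2024, 3, 1, 9, 0, 0)


def _ev(minute_offset, event_id, src_ip, user, host="DC01"):
    """Helper to build a constructed event relative to T0."""
    return LogonEvent(T0 + timedelta(minutes=minute_offset), event_id, src_ip, user, host)


# Constructed sample log: three sources with different behaviour.
SAMPLE_EVENTS = [
    _ev(-30, FAILED_LOGON, "10.0.0.5", "alice"),        # old failure, outside the window
    _ev(0, FAILED_LOGON, "10.0.0.5", "alice"),          # password spray: one guess per user
    _ev(1, FAILED_LOGON, "10.0.0.5", "bob"),
    _ev(2, FAILED_LOGON, "10.0.0.5", "carol"),
    _ev(3, FAILED_LOGON, "10.0.0.5", "dave"),
    _ev(4, FAILED_LOGON, "10.0.0.5", "erin"),
    _ev(5, FAILED_LOGON, "10.0.0.5", "svc_backup"),
    _ev(6, SUCCESS_LOGON, "10.0.0.5", "svc_backup"),    # success after 6 failures -> alert
    _ev(0, FAILED_LOGON, "10.0.0.9", "frank"),          # user mistyping a password twice
    _ev(1, FAILED_LOGON, "10.0.0.9", "frank"),
    _ev(2, SUCCESS_LOGON, "10.0.0.9", "frank"),         # below threshold -> no alert
    *[_ev(i, FAILED_LOGON, "10.0.0.77", f"user{i}") for i in range(8)],
    _ev(8, SUCCESS_LOGON, "10.0.0.77", "scanner_svc"),  # authorised scanner (allowlisted)
]

# Assumed allowlist of sources whose logon noise is expected (vulnerability scanner).
KNOWN_SCANNERS = frozenset({"10.0.0.77"})


def detect_failed_then_success(events, threshold=5, window=timedelta(minutes=10),
                               allowlist=frozenset()):
    """Return one alert per source IP that logs >= threshold failures within `window`
    and then succeeds. Failures older than `window` are discarded as they age out,
    so the queue per source never grows beyond the window's contents."""
    recent_failures = {}   # src_ip -> deque of (timestamp, user)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.src_ip in allowlist:          # tuning knob 3: suppress known noisy sources
            continue
        q = recent_failures.setdefault(ev.src_ip, deque())
        while q and ev.ts - q[0][0] > window:   # tuning knob 2: sliding time window
            q.popleft()
        if ev.event_id == FAILED_LOGON:
            q.append((ev.ts, ev.user))
        elif ev.event_id == SUCCESS_LOGON and len(q) >= threshold:  # knob 1: threshold
            users = {u for _, u in q}
            alerts.append({
                "src_ip": ev.src_ip,
                "host": ev.host,
                "failed_logons": len(q),
                "distinct_users": len(users),
                # many distinct users with few attempts each is spraying, not a single-account brute force
                "pattern": "password_spray" if len(users) >= 3 else "brute_force",
                "first_failure": q[0][0],
                "success_time": ev.ts,
                "success_user": ev.user,
            })
            q.clear()   # avoid re-alerting on every later success from the same burst
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_then_success(SAMPLE_EVENTS, allowlist=KNOWN_SCANNERS):
        print(alert)
```

Fine-tuning here is a matter of re-running the same function with different parameters against historical data: lowering the threshold or widening the window surfaces the mistyped-password source and measures the false-positive cost, while the allowlist is what keeps an authorised scanner from paging the on-call analyst every night.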
Benefits/perks listed below may vary depending on the nature of your employment with LTIMindtree (“LTIM”):
Benefits and Perks:
- Comprehensive Medical Plan Covering Medical, Dental, Vision
- Short Term and Long-Term Disability Coverage
- 401(k) Plan with Company match
- Life Insurance
- Vacation Time, Sick Leave, Paid Holidays
- Paid Paternity and Maternity Leave
The range displayed on each job posting reflects the minimum and maximum salary target for the position across all US locations. Within the range, individual pay is determined by work location and job level and additional factors including job-related skills, experience, and relevant education or training. Depending on the position offered, other forms of compensation may be provided as part of overall compensation like an annual performance-based bonus, sales incentive pay and other forms of bonus or variable compensation.
Disclaimer: The compensation and benefits information provided herein is accurate as of the date of this posting.
LTIMindtree is an equal opportunity employer that is committed to diversity in the workplace. Our employment decisions are made without regard to race, colour, creed, religion, sex (including pregnancy, childbirth or related medical conditions), gender identity or expression, national origin, ancestry, age, family-care status, veteran status, marital status, civil union status, domestic partnership status, military service, handicap or disability or history of handicap or disability, genetic information, atypical hereditary cellular or blood trait, union affiliation, affectional or sexual orientation or preference, or any other characteristic protected by applicable federal, state, or local law, except where such considerations are bona fide occupational qualifications permitted by law.
Safe return to office: In order to comply with LTIMindtree’s company COVID-19 vaccine mandate, candidates must be able to provide proof of full vaccination against COVID-19 before or by the date of hire. Alternatively, one may submit a request for reasonable accommodation from LTIMindtree’s COVID-19 vaccination mandate for approval, in accordance with applicable state and federal law, by the date of hire. Any request is subject to review through LTIMindtree’s applicable processes.
Salary : $120,000 - $130,000