Security monitoring for Olacabs, Ola Financial Services, Ola Fleet Technologies and Ola Electric organizations.
Safeguard the organizations against potentially malicious events, cyber attacks and fraud.
Derive steps for identifying suspicious and anomalous activity, drive the logging requirements needed to support them, and build the required alerts and notifications.
Develop response playbooks for various scenarios.
Escalate confirmed incidents to the relevant internal teams so that the security issue is fixed as soon as possible.
Work hand-in-hand with all relevant stakeholders to identify, investigate and remediate potential threats.
Provide hands-on technical expertise to assist with creating new methods for detection and triage.
Scan networks to discover open ports and the services running on them.
Analyze scan reports, review the identified vulnerabilities and suggest a remediation/mitigation plan.
Keep track of new vulnerabilities in network and security devices from different vendors. Validate whether each vulnerability applies to the Ola environment.
Keep track of new vulnerabilities in the open source and third-party applications and libraries in use. Validate whether each vulnerability applies to the Ola environment.
Proficient with AWS and/or Azure resources, with a focus on monitoring configuration changes that could lead to security issues, and working with DevOps to get them fixed.
Good understanding of SQL queries.
Perform manual analysis of log files to identify attack patterns.
Identify the sequence of API calls behind a given mobile-app functionality, say “booking a cab”. Identify and implement the security logging and alerting requirements needed to detect abuse of that functionality.
Participate in Engineering Design Meetings to implement “Monitoring in SDLC”. Ensure necessary alerting requirements for a functionality are in place, before the feature goes into production.
Automate repetitive tasks. Implement SOAR (Security Orchestration, Automation and Response).
Willing to work in a 24/7 support rotation.
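The log-analysis and API-sequence items above describe one detection technique: reconstruct the expected call sequence for a feature from the access log and alert when a user deviates from it. The following is an added example written for this page, not code from Ola or from this job posting. The endpoints (/v1/fare/estimate, /v1/booking, /v1/booking/cancel, /v1/promo/apply), the log format and the thresholds are all assumed for illustration, and the log lines are constructed, not real traffic.

```python
"""Sequence-based abuse detection over API access logs (illustrative example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample access log (hypothetical endpoints, not real Ola APIs).
# Format: "<ISO-8601 timestamp> <user_id> <method> <path> <http_status>"
SAMPLE_LOG = """\
2024-05-01T10:00:00Z u1 GET /v1/fare/estimate 200
2024-05-01T10:00:05Z u1 POST /v1/booking 201
2024-05-01T10:00:00Z u2 POST /v1/booking 201
2024-05-01T10:00:01Z u2 POST /v1/booking/cancel 200
2024-05-01T10:00:30Z u2 POST /v1/booking 201
2024-05-01T10:00:31Z u2 POST /v1/booking/cancel 200
2024-05-01T10:01:00Z u2 POST /v1/booking 201
2024-05-01T10:01:01Z u2 POST /v1/booking/cancel 200
2024-05-01T10:02:00Z u3 GET /v1/fare/estimate 200
2024-05-01T10:02:01Z u3 POST /v1/promo/apply 400
2024-05-01T10:02:02Z u3 POST /v1/promo/apply 400
2024-05-01T10:02:03Z u3 POST /v1/promo/apply 400
2024-05-01T10:02:04Z u3 POST /v1/promo/apply 400
2024-05-01T10:02:05Z u3 POST /v1/promo/apply 400
2024-05-01T10:02:06Z u3 POST /v1/promo/apply 200
2024-05-01T10:02:10Z u3 POST /v1/booking 201
2024-05-01T09:00:00Z u4 GET /v1/fare/estimate 200
2024-05-01T10:00:00Z u4 POST /v1/booking 201
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|DELETE) (\S+) (\d{3})$")

# Tunable detection parameters (assumed values for illustration).
ESTIMATE_MAX_AGE = timedelta(minutes=15)  # a booking should follow a fare estimate within this window
CANCEL_THRESHOLD, CANCEL_WINDOW = 3, timedelta(minutes=10)  # book/cancel churn
PROMO_FAIL_THRESHOLD, PROMO_WINDOW = 5, timedelta(minutes=1)  # promo-code guessing


def parse_log(text):
    """Parse log lines into event dicts, ordered per user chronologically."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unparseable: {line!r}")
        ts_s, user, method, path, status = m.groups()
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "user": user, "method": method, "path": path, "status": int(status)})
    # Per-user state below only needs each user's events to be in time order.
    events.sort(key=lambda e: (e["user"], e["ts"]))
    return events


def _windowed(dq, ts, window, threshold):
    """Sliding-window counter: append ts, drop entries older than window, test threshold."""
    dq.append(ts)
    while dq and ts - dq[0] > window:
        dq.popleft()
    return len(dq) >= threshold


def detect_abuse(events):
    """Return one alert per (user, rule) the first time the rule fires."""
    alerts = []
    last_estimate = {}             # user -> ts of last successful fare estimate
    cancels = defaultdict(deque)   # user -> recent cancel timestamps
    promo_fails = defaultdict(deque)  # user -> recent failed promo attempts
    fired = set()

    def fire(user, rule, ev):
        if (user, rule) not in fired:  # de-duplicate so a noisy user yields one alert per rule
            fired.add((user, rule))
            alerts.append({"user": user, "rule": rule, "ts": ev["ts"].isoformat(), "path": ev["path"]})

    for ev in events:
        u, p = ev["user"], ev["path"]
        if p == "/v1/fare/estimate" and ev["status"] == 200:
            last_estimate[u] = ev["ts"]
        elif p == "/v1/booking" and ev["method"] == "POST":
            # A booking made without the normal app step (or long after it) suggests scripted use.
            est = last_estimate.get(u)
            if est is None or ev["ts"] - est > ESTIMATE_MAX_AGE:
                fire(u, "booking_without_recent_estimate", ev)
        elif p == "/v1/booking/cancel":
            if _windowed(cancels[u], ev["ts"], CANCEL_WINDOW, CANCEL_THRESHOLD):
                fire(u, "booking_cancel_churn", ev)
        elif p == "/v1/promo/apply" and 400 <= ev["status"] < 500:
            if _windowed(promo_fails[u], ev["ts"], PROMO_WINDOW, PROMO_FAIL_THRESHOLD):
                fire(u, "promo_code_guessing", ev)
    return alerts


def alert_summary(alerts):
    """Compact (user, rule) view of the alerts, for dashboards and tests."""
    return sorted((a["user"], a["rule"]) for a in alerts)


if __name__ == "__main__":
    for a in detect_abuse(parse_log(SAMPLE_LOG)):
        print(a)
```

The state is per user, so the same logic runs unchanged as a streaming job or a scheduled query over a SIEM export; the thresholds and the freshness window are the knobs to tune against the feature's real traffic before the rule is promoted to a paging alert.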
You have experience in investigating information security incidents.
You possess demonstrable experience in AWS and Azure.
Able to develop use cases for abuse and fraud.
Able to build detection capabilities.
Experience with sandboxing and malware analysis.
Incident Response experience.
Working knowledge of Python (2 & 3), PowerShell, and Bash. Experience with automating repeated tasks.
Experience with tools like Burp Suite and Wireshark for intercepting and modifying traffic.
Experience with Kali Linux tools, Metasploit, etc.
Knowledge of protocols like HTTP, HTTPS, TCP/IP, WebSocket, SSH, SFTP, RDP, etc.
Knowledge of authentication standards like SAML, OAuth, etc.
Able to perform forensic analysis of laptops, mobile devices, servers, etc.
Experience with Sumo Logic SIEM is good to have.