TECHNICAL LEAD - SOC 2
Happiest Minds Technologies · Bengaluru, Karnataka, India
Happiest Minds Technologies · Bengaluru, Karnataka, India
- Threat Intelligence and Advisory Management As part of this service, the IBM will perform the following: **Threat Sources Covered** Monitor, aggregate, and analyze threat intelligence and advisories from multiple sources, including but not limited to: - Commercial Threat Intelligence Platforms (e.g., Anomali, Recorded Future) - Vendor Security Advisories (e.g., Microsoft, Cisco, Palo Alto, Akamai) - Government and CERT Alerts (e.g., UAE CERT, US-CERT, ENISA) - Threat feeds from SOC and SIEM/SOAR platforms - Crowd-sourced threat platforms and Bug Bounty findings (e.g., Bugcrowd) - Open-source intelligence (OSINT) sources - Dark Web intelligence sources (where applicable) - Internal threat hunting findings - Partner advisories and industry-specific alerts. **General Service Requirements** - Maintain continuous monitoring and validation of incoming threat intelligence. - Analyse the potential impact of threats on the Group?s infrastructure, applications, users, and data. - Prioritize threat advisories based on business relevance, criticality, and risk exposure. - Provide actionable threat advisories with mitigation recommendations. - Integrate threat intelligence outputs with SOC, Incident Response, and Vulnerability Management processes. - Ensure threat intelligence-driven response activities are tracked, actioned, and closed. - Develop and maintain threat advisory and intelligence playbooks for standardized processes. **Threat Detection and Collection** - Collect and normalize threat advisories and intelligence feeds. - Validate the authenticity and credibility of threat sources. - Remove noise and false positives to focus on credible and impactful threats. **Threat Analysis and Prioritization** - Perform enrichment on threat data using internal telemetry and external datasets. - Correlate identified threats with the Group?s asset inventory and critical systems. - Prioritize threats based on risk to the business (high, medium, low impact). **Threat Advisory Notification and Actioning** - Prepare clear, actionable threat advisories including: - Threat description - Potential impact - Affected systems/services - Recommended immediate and long-term mitigation actions - Disseminate advisories to relevant stakeholders (e.g., IT, Security Operations, Business Units). - Raise Threat Advisory Tickets (TA Tickets) where action is required. - Assign and track closure of mitigation actions within agreed timelines. **Threat Intelligence Playbooks** - Develop structured playbooks for threat collection, validation, analysis, dissemination, and response. - Ensure continuous updating of playbooks based on evolving threat landscapes and operational lessons learned. - Align playbooks with MITRE ATT&CK, NIST, and other cybersecurity frameworks where applicable. **Threat Campaign Monitoring** - Identify ongoing threat campaigns targeting the Group?s sector or geography. - Provide early warnings on advanced persistent threats (APTs), ransomware groups, and significant actors. - Recommend preventive and defensive measures based on observed campaigns. **Threat Hunting Support** - Use threat intelligence to proactively identify indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) that could already exist in the environment. - Support threat hunting activities based on high-fidelity threat intelligence and emerging threat patterns. **Threat intelligent Platform Management & Operations** - Perform daily, weekly, and monthly operational health checks. - Maintain and update threat intelligence feeds (commercial, open-source, and internal). - Perform platform upgrades, patches, and system tuning. - Ensure high availability and business continuity configurations are in place. - Monitor and manage platform performance and storage utilization. - Manage user access, roles, and permissions according to governance policies. - Enable role-based dashboards for SOC, IR, Threat Hunting, and Management. - Conduct quarterly access reviews. - Integrate various threat intelligence feeds (e.g., STIX/TAXII, MISP, ISACs). - Validate, de-duplicate, and normalize intelligence data. - Prioritize threat indicators based on relevance to the organization. - Regular review and curation of feeds for noise reduction and enrichment. - Integrate TIP with SIEM (e.g., QRadar, Splunk), SOAR, EDR, firewall, and other security controls. - Automate indicator enrichment and correlation in SOC tools. - Enable automated blocking of high-confidence IOCs in firewalls or proxy solutions. - Develop and maintain integration of playbooks and dataflow documentation. Cyber Security