HCL Technologies

SME - GCP Security, Palo Alto Firewall

Role: Security
Level: Senior
Location: Dallas, United States
Work: On-site
Type: Full-time
Posted: 2 days ago

About the role

Job Summary

As an L3 SOC Analyst (Onsite), you will serve as the senior-most technical. You will provide advanced threat detection, incident response leadership, and threat hunting capabilities. This is a customer-facing role requiring strong stakeholder engagement, technical presentation skills, and the ability to represent HCL CSFC's MXDR capabilities with excellence.

Roles & Responsibilities

Incident Response & Escalation
- Act as the primary escalation point for L1 and L2 SOC analysts for all complex security incidents.
- Lead incident response activities, including containment, eradication, root cause analysis (RCA), and recovery.
- Perform advanced triage and collaborate with resolver groups, third parties, and designated customer contacts for incident resolution.
- Conduct post-incident reviews (PIR) and contribute to detailed investigation and RCA reports for customer governance.

Threat Hunting & Intelligence
- Design and execute proactive threat hunting activities using SIEM, EDR, and advanced query languages (KQL, SPL).
- Perform both IOC-based and hypothesis-based threat hunting, correlating with the latest threat intelligence feeds.
- Analyse emerging threat intelligence and map findings to the MITRE ATT&CK framework for enhanced detection.
- Create and deliver threat hunting reports and advisories based on defined KPIs for customer consumption.

SIEM/SOAR & Detection Engineering
- Develop and fine-tune detection use cases, correlation rules, and automated response playbooks.
- Provide expertise in SIEM/SOAR platform optimization, log source integration, and content management.
- Lead efforts to reduce alert fatigue through rule tuning, false-positive suppression, and analytics engine optimization.
- Collaborate with OEM support teams for issue resolution and product improvements.

Customer Engagement & Governance (Onsite Specific)
- Serve as the face of HCL CSFC, building trust and maintaining strong stakeholder relationships.
- Participate in and present during Monthly Security Operations Reviews (MSOR), weekly governance calls, and ad-hoc executive briefings.
- Provide technical analysis reports, security posture assessments, and actionable recommendations.
- Coordinate with customer IT/Security teams, OEM vendors, and HCL offshore teams for seamless service delivery.
- Drive SLA/KPI adherence (MTTD, MTTR, MTTA, MTTN) and ensure contractual compliance.

Mentorship & Knowledge Transfer
- Act as the SME (Subject Matter Expert) and provide technical guidance and mentorship to L1 and L2 analysts.
- Conduct knowledge transfer sessions, training workshops, and tabletop exercises at the customer site.
- Develop and maintain SOPs, runbooks, and escalation workflows for SOC operations.

Technical Skills Required

Category: Required Skills
SIEM Platforms: Expertise in any 2 of: Splunk, Microsoft Sentinel, Google Chronicle, Palo Alto XSIAM
EDR Platforms: Hands-on experience in any 2 of: CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, Cortex XDR, Cisco Secure Endpoint
SOAR Platforms: Experience with XSOAR, Siemplify (Chronicle SOAR), Tines, or equivalent
Query Languages: Proficiency in KQL, SPL, YARA-L, or equivalent for advanced hunting
Scripting & Automation: Strong skills in Python and PowerShell for automation and scripting
Frameworks: Deep understanding of MITRE ATT&CK, Cyber Kill Chain, NIST CSF, ISO 27001
OS Knowledge: Strong understanding of Windows, Linux, and macOS endpoint security and attack techniques
Cloud Security: Familiarity with Azure Defender, M365 Defender, Defender for Cloud, AWS Security Hub
Forensics: Experience in forensic investigations, malware analysis, and digital evidence handling
Reporting: Experien


Benefits and perks

Learning Budget

Required skills

SIEM

SOAR

KQL

SPL

MITRE ATT&CK

incident response

threat hunting

About HCL Technologies

Headquarters: Dallas