SOC (Security Operation Center) - Purple Team -tier

**Why Kyndryl**Kyndryl is a market leader that thinks and acts like a start-up. We design, build, manage, and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl?We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers, and our communities. We invest heavily in you - not only through learning, training, and career development, but also through the flexible working practices and stellar benefits that help you grow and progress long-term. And we give back - from planting 90,000 trees in our first 3 months as part of our One Tree Planted initiative to the Corporate Social Responsibility and Environment, Social and Governance practices embedded within everything we do, we are committed to powering human progress in an ethical, sustainable way.**Your Role and Responsibilities**- Serve as Tier 3 level for complex technical and procedural escalations- Provide technical lead support to tier 2 and 1 soc analysts- Responsible for development and execution of incident response plans for escalated response processes- Proactively identify indicators of compromise and generate and execute- Incident Response Plan upon detection- Provide Incident remediation and prevention documentation- Identification and resolution of complex issues in customer environments.- Develop resolution and implementation plans- Work in collaboration with other security and company departments (operations, legal, sales) to help identify / resolve chronic issues and assist with the creation and implementation of corrective / preventative action plans- Research, analyze and identify potential vulnerabilities and security deficiencies. Initiate escalation procedure to counteract potential threats/vulnerabilities- Conduct security training, new hire training and network impact reviews. Coordinate repair and maintenance of security system with security integrators- Liaise directly with third party vendors / suppliers- Develop, document, and maintain Incident Response process, procedures, workflows, and playbook.- Tune and maintain security tools (EDR, IDS, SIEM, etc) to reduce false positives and improve SOC detection capabilities- Document Investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports- Create metrics and determine Key Performance Indicators to measure maturity of SOC operations.- Develop security content such as scripts, signatures, and alerts**Required Technical and Professional Expertise**- Experience at least three (3) years working with SIEM(QRADAR, SPLUNK, SENTINEL, etc), FW, IPS/IDS- Threat Intelligence solutions, knowledge of Elastic Stack (Elasticsearch, Kibana)- Strong analytical skills to define risk, identify potential threats, document and develop action/mitigation plan- Deep knowledge/experience with Operating Systems (e.g. Windows Server, CentOS Linux).- Knowledge/experience of networking and firewalls- Knowledge of Enterprise Anti-Virus, IDS, Full Packet Capture and Host/Network Threat Analysis- Knowledge of Threat Monitoring Procedures- Deep knowledge conducting and leading incident response situations- Experience implementing monitoring tools and capabilities- Solid hands-on experience with one or several of the following security tools:- CrowdStrike O365 Security, AWS security and/or Hub Azure defender- Security center Splunk Advance OSINT knowledge- Experience with a wide range of security tools and knowledge of relevant cyber frameworks and methodologies- Work in collaboration with other security and company departments to help identify / resolve chronic issues and assist with the creation and implementation of corrective / preventative action plans- Research, analyze and identify potential vulnerabilities and security deficiencies. Initiate escalation procedure to counteract potential threats/vulnerabilities- Conduct security training, new hire training and network impact reviews- Coordinate repair and maintenance of security system with security integrators- Liaise directly with third party vendors / suppliers- Develop, document, and maintain Incident Response process, procedures, workflows, and playbook- Tune and maintain security tools (EDR, IDS, SIEM, etc) to reduce false positives and improve SOC detection capabilities- Document Investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports- Create metrics and determine Key Performance Indicators to measure maturity of SOC operations- Develop security content such as scripts, signatures, and alerts**Preferred Technical and Professional Experience**- Three (3) years experience working within a security operations center- Three (3) years experience working across multiple security disciplines (DFIR, log analysis, packet analysis, etc.) 1-2 years of le