More jobs:
Job Description & How to Apply Below
At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.
The Role
Key Responsibilities
Security Incident Handling (L3 Technical Expertise)
Investigate and resolve escalated security incidents from L1 and L2 analysts, ensuring thorough analysis and timely closure.
Perform deep-dive forensic analysis, including log correlation, network traffic inspection, and endpoint artifact review.
Conduct Root Cause Analysis (RCA) for critical and high-severity incidents and contribute to post-incident reviews.
Analyze and validate alerts from SIEM, EDR, DLP, Email Security, and Cloud Security tools to differentiate true positives from false positives.
Collaborate with specialized SMEs (EDR, DLP, Email Security, Threat Intel) for multi-vector incident correlation and resolution.
Provide recommendations for containment, eradication, and recovery aligned with incident response playbooks.
SIEM Management and Detection Optimization
Monitor the health, performance, and availability of SIEM infrastructure and connected security sensors.
Review and fine-tune SIEM correlation rules, parsing logic, and use cases to enhance detection quality and reduce noise.
Work with content developers to onboard new log sources, develop advanced detection logic, and automate response workflows.
Coordinate with OEM vendors or platform teams for SIEM upgrades, patching, or issue remediation.
Provide feedback on detection efficacy, false positives, and rule optimization to continuously improve SOC performance.
Shift Management & Incident Command
Act as Incident Manager for the assigned shift, ensuring effective management of all ongoing incidents.
Supervise and coordinate the shift team (L1 and L2 analysts), ensuring SLA adherence and effective escalation handling.
Conduct shift handover meetings, ensuring smooth transition and operational continuity across shifts.
Maintain accurate shift logs, incident records, and performance metrics in ITSM tools (e.g., Service Now, Remedy).
Escalate unresolved or critical issues promptly to the SOC Manager, CDC Head, or CIRT team as per escalation matrix.
Track and report key shift KPIs, including response times, escalation trends, and incident closure rates.
Governance, Documentation & Continuous Improvement
Maintain RCA documentation, shift activity logs, and incident metrics for internal and external reporting.
Participate in governance forums, post-incident reviews, and lessons-learned sessions to drive process enhancements.
Review and refine Incident Response (IR) procedures, runbooks, and SOAR playbooks to align with best practices.
Contribute to audits, compliance reviews, and reporting as required by internal or regulatory requirements.
Team Development & Knowledge Management
Guide and mentor L1 and L2 analysts during investigations, triage, and incident handling activities.
Conduct technical training sessions, tabletop exercises, and knowledge-sharing workshops.
Contribute to the SOC knowledge base by documenting use cases, playbooks, and threat-handling procedures.
Support the SOC Manager in developing skill development roadmaps and assessing team competencies.
Collaboration & Stakeholder Engagement
Coordinate closely with SIEM Engineers, SOAR Developers, and SOC Content Teams to enhance detection and automation.
Work with Threat Intelligence, Vulnerability Management, and Incident Response teams to align detection logic with the threat landscape.
Support cross-functional teams during major incidents or security crisis scenarios, ensuring consistent communication and command.
Who You Are
8+ years of experience in Security Operations, Incident Response, or Cyber Defense, with at least 3 years at L3 or leadership level.
Strong hands-on expertise in:
SIEM technologies (Microsoft Sentinel, Splunk, QRadar, Arc Sight, etc.)
Endpoint Detection & Response (EDR) tools (Defender for Endpoint, Crowd Strike, etc.)
DLP, Email Security, and Cloud Security…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×