Cyber Security Analyst

Work Location - Bangalore

Workspace Model: Work from the office

Project Duration: Long-term project

Shift Timings: Rotational Shift

We are looking for an immediate joiner only.

Interested candidate can share their resume on 8088787884 (WhatsApp only ) with the following details-

CTC-

ECTC-

Notice Period -

Location -

Job Description

Role:

The Cyber Security Analyst plays a critical role within the SOC division, collaborating with the

clients Incident Response team, Security Operations Centre, and other business units in the

cybersecurity domain. Responsibilities include conducting daily incident investigations and

analysis, which may vary based on external events and internal information needs. The analyst

is expected to be proactive, delivering high-quality SOC monitoring & analysis services

independently as well as in coordination with the team.

Responsibilities:

Contribute to Incident Alert Investigation, Process development, documentations & Alert policy Tuning, Content management, Operation Maturity & Improvements to meet & maintain Quality controls

In-depth understanding of Incident Response Lifecycle, Cyber Kill Chain, MITRE ATT&CK and other information security, defence and intelligence frameworks

Experience in supporting Endpoint Detection and Response systems

Create different dashboards based on the level of user, and this was integrated with the customer care support UI

Work on scripting the automated solution of the platform monitoring with Python, etc

Use case validation by coordinating and communicating with the technical team/higher management

Prepared the documents for the mapping design and production support

Ensure continuous service delivery & Manage Security incidents 24x7 & willing to work on

rotational shifts Work from Office Mode

Must have in-depth knowledge of phishing alerts, Email header analysis, Endpoint alert analysis, O365 Defender, & Email gateway is a plus

Understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks & Incident response life cycle

Proficient with SIEM technologies (Security Information and Event Management e.g. Splunk/MS Sentinel or other SIEM TOOL)

Participate in the development of strategic goals for SOC Operations, like Alert tuning/noise reduction/automation, and contribute to KPI enhancements on quality.

Work with engineering teams to optimise alert data/Splunk Search/KQL data ingest and search

Conduct research and make recommendations on data products, services, and standard Basics based on alerts

Monitor different dashboards based on the anomaly levels & Analyse & recommend to customers with the remediation actions

Work on scripting the automated solution of the platform monitoring with Python, etc

Prepare the documents for the mapping design and SOC Operation support

Responsible for implementing search queries in Splunk/MS Sentinel in support of investigation/Analysis

Handle all SOC Incident-related requests/issues

Ready to go through all modifications, deployments, and learnings

Work with the other security/IT teams to investigate, contain and remediate cybersecurity

incidents

Assist the incident response team with technical analysis and provide timely updates during an investigation if needed

Use investigation findings to recommend security posture improvements (identify gaps)

Experience with collecting, analysing, and interpreting qualitative and quantitative data from multiple sources

Ability to write high-quality investigation reports for a senior-level audience

Ability to develop specific expertise, to discern patterns of complex threat actor behaviour, and to communicate an understanding of current and developing cyber threats

Maintain an understanding of the overall threat landscape (cyber, malware, botnets, phishing, DDoS, physical)

Collect, analyse, investigate, store, and disseminate indicators of compromise (IOCs), threat intelligence

Contribute to Threat Hunting, Threat profile & Advisories & Contribute to Operation maturity/Initiatives

Ability to communicate (verbal and written) clearly and effectively (technically and non technically).

Ability to follow processes, procedures, and instructions. Ability to communicate with stakeholders and customers.

Ability to work and get along with other members within the team.

Key skills & Experience:

4 6 years experience with in-depth knowledge in Incident Detection & Investigation in a SOC environment.

Experience working on SIEM tools such as Microsoft Sentinel, Splunk, QRadar, etc.

Understanding of IDS/IPS, Phishing, SIEM and AV / EDR / XDR / Proxy, etc.

TCP/IP, computer networking, routing and switching - an understanding of the fundamentals: the language, protocol and functioning of the internet

Assessment - specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organisation's risk management of the respective country

Knowledge of risk management, defence in depth, offensive vs defensive techniques, report writing, and investigation skills

Researching, writing reports, proofreading presentations and articles, and communications skills

Python, KQL, scripting, Linux/Unix

Strong verbal and written abilities to engage with technical and non-technical resources

Strong analytical skills, Highly organized and detail-oriented

Self-motivated personality who can work independently and in team settings with minimal direction or guidance

Qualifications:

Bachelors degree in Computer Science / Engineering or higher.

Any additional qualifications in Cyber Security or related field (preferred)

Certifications (preferred):

Any Certificates mentioned below

SC 200, Security+, GSEC or CEH Certification, relevant SANS training or other technical

industry certifications