Job Title : Senior Security SOC Analyst (L2)
Location : Bengaluru
Experience : 5+ years
Skills : SIEM, LogRhythm, Azure Sentinel, log source integration, use case development, false-positive analysis, correlation rule creation, threat hunting, incident response
Job Description :
ESSENTIAL DUTIES AND RESPONSIBILITIES :
Implement and deliver Security Operations Center (SOC) services.
Conduct and lead incident response activities (triage, root cause analysis, escalations, notifications, communication, etc.) resulting from Information Security incidents consistent with Incident Response processes and procedures.
Perform in-depth data analysis on various data and media types through the application of advanced methods, tools, and research techniques.
Respond to, report on, and track security events reported to the SIEM, system and event logs, and other sources which require further analysis.
Facilitate and lead meetings or discussions pertaining to security issues or potential threats to determine necessary or improved defensive measures or response actions.
Provide SME leadership throughout the incident response lifecycle.
Establish and leverage external relationships to obtain cyber and information security threat intelligence, with context for how it impacts MFX and its clients.
Monitor internal and external threats; examine logs, events, and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a breach in security or a degradation of integrity or confidentiality of our systems and data.
Provide forensic support as needed or required for security incidents, potential or adjudicated.
Provide mentorship and technical guidance to less experienced security analysts.
Provide input, trends or analytical support to discover anomalous traffic, behaviors or patterns related to new threat activity, policy violations, etc.
Leverage scripting skills to develop tools for the automation of security processes using Python, Perl, Bash, and PowerShell.
Work with a wide variety of security tools, both network and system based, as needed.
Participate in internal projects and initiatives, researching and recommending appropriate security solutions.
Document processes, policies, reports and procedures as required.
Knowledge and Skills:
The successful candidate will have a proven track record of 6-8 years in information security, derived from an all-round Information Technology background and SOC/SIEM experience, and possess a combination of the following skills and competencies:
Good working knowledge of Windows operating systems, Linux, networking, LogRhythm, RSA NetWitness, troubleshooting, and security strategies.
Solid understanding of additional security technologies and disciplines such as EDR, Palo Alto and Juniper firewalls, intrusion prevention, encryption, threat analysis, and vulnerability assessment.
Comfortable with managing complex, enterprise-scale logging, including ensuring reporting and alerting is appropriate.
Strong analytical, documentation, and communication skills, both oral and written.
Good team working skills and ability to work in a distributed global team environment.
Strong analytical and problem-solving skills.
Self-motivated, proactive and with determination to achieve goals.
Proven business skills including effective oral and written communication, issue resolution, project management, and self-motivation.
Experience with industry-recognized SIEM solutions such as LogRhythm and Azure Sentinel.
Relevant security certifications such as CEH, GIAC, GSEC, CISSP.
Technical Skills:
Exposure to SIEM alert monitoring and management across multiple SIEM products.
Working knowledge of at least 3 of the following technologies:
o SIEM tools preferably LogRhythm, Azure Sentinel
o Nessus Vulnerability Assessment
o EDR, EPP, Network Security, Cloud Security, DLP, Encryption, proxy.
Understanding of alerts from other monitoring systems, e.g. DLP, WAF, anti-APT, DAM, etc.
Excellent knowledge of intrusion detection (deep TCP/IP and cyber security knowledge), various operating systems (Windows/UNIX), and web technologies (focusing on Internet security).
Ability to read and understand packet-level data; intrusion detection and prevention and network security products (IDS/IPS, firewalls, etc.); host security products (HIPS, AV, scanners, etc.).
Knowledge of current threats and technologies affecting web application vulnerabilities, and of recent Internet threats.
Date Posted: 22/05/2024
Job ID: 79658609
MFX Infotech Private Limited