Security Analyst L3 39517 GGN (Job Code : J47662)
Sampoorna Consultants Private Limited
Location
Gurgaon | India
Job description
Excellent Opportunity with our client for
Security Analyst L3 39517 GGN (Job Code : J47662)
Exp : 6.05 - 9 Years Location: Gurgaon Key Skills: QRadar, Threat hunter, Sentinel, SIEM Admin, Security Operations
Please pass on or Share this message to your friends who are looking for similar roles
Role and responsibilities:
Participate in a rotating SOC on-call; rotation is based on the number of team members.
Provide first-line SOC support with timely triage, routing and analysis of SOC tasks.
Researches, develops, and monitors custom visualizations.
Researches, analyzes, and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives.
Tunes and develops SIEM correlation logic for threat detection.
Ensures documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style.
Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
Produce and review aggregated performance metrics.
Perform Cyber Threat Assessment and Remediation Analysis
Processing, organizing, and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data.
Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to
Insider Threats, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise.
Investigate network and host detection and monitoring systems to advise engagement processes.
Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions.
Participate in on-call rotation for after-hours security and/or engineering issues.
Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions.
Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods.
Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection.
Participate in on-call rotation for after-hours security and/or engineering issues.
Collaborate with incident response team to rapidly build detection rules as needed.
Responsible for supporting 24x7x365 SOC operations including but not limited to: Alert and notification activities- analysis/triage / response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported Incidents.
Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
Monitoring/triage security events received through alerts from SIEM or other security tools; escalate and support to IR as appropriate.
IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms Review and reporting on anomalous patterns (Hunting) across all security tools / SIEM.
Develop in in-depth understanding of customer and SOC operations requirements and policies.
Ensure reports are properly entered into the tracking system.
Perform customer security assessments.
Supporting incident response or remediation as needed
Participate and develop and run tabletop exercises.
Perform lessons learned activities.
Supporting ad-hoc data and investigation requests
Composing reports, updates, security alert notifications or other artifacts and documents as needed Required Experience / Skills:
Minimum of nine (9) years technical experience
7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
3+ years of rule development and tuning experience
1+ years of Incident response
Deep understanding of Cyber Threat TTPs, Threat Hunt, and the application of the MITRE Attack Framework
Knowledge of security operations and attacker tactics
Ability to identify cyber-attacks and develop monitoring logic
Experience supporting 24x7x365 SOC operations including but not limited to Alert and notification activities- analysis/triage/response, Review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and Incidents.
Support alert and notification triage, review/analysis through resolution / close
Manage multiple tickets/alerts in parallel, including end-user coordination.
Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
Solid understanding and experience analyzing security events generated from security tools and devices not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat
Experience and solid understanding of Malware analysis
Demonstrated proficiencies with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
In-depth experience with processing and triage of Security Alerts from multiple sources but not limited to: Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources
Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, support SOAR development.
Experience with bash, python, and Windows PowerShell scripting
Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis.
Demonstrated experience and understanding of event timeline analysis and correlation of events between logs sources.
Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools.
Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
Solid understanding and experience analyzing security events generated from security tools and devices not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
Experience and solid understanding of Malware analysis
Understanding of security incident response processes
Job tags
Salary
