Cotiviti

Analyst Security

Job Locations IN-Hyderabad
Requisition ID
2024-13208
Category (Portal Searching)
Engineering/IT

Overview

Information Security Analyst

Job description

Experience: - 3-6 Years in Information Security Domain.

Tools: - SIEM, EDR, NDR, Proxy, Email Security

Skill Set: -

Should have good knowledge on: -

  1. Network Security
  2. Incident Management
  3. SIEM rules writing
  4. Endpoint Security
  5. Forensic Analysis
  6. Vulnerability Assessment
  7. Hypothesis creation for common cyber attacks using MITRE.

Certifications: -

OEM Certification: Splunk Core Certified User

Industry Certification: CEH/CHFI/CySA+/OSCP/PNPT or any equivalent security certification.

Responsibilities

Roles And Responsibilities: -

  • Handling escalated security incidents and event management.
  • Conducting real-time and post-mortem remote incident analysis and remediation.
  • Forensics and root cause analysis of detected incidents.
  • Support development and fine-tuning of detection rules in the SIEM.
  • Document, investigate and notify the appropriate contact for security events.
  • Must participate in a scheduled shift rotation and be able to work in the office on a 24x5 shift basis.
  • Review and take a proactive approach to false positive alerts, and work with the various security teams to tune alerts and provide feedback that improves their accuracy.
  • Collaborate with technical teams for security incident remediation and communication.
  • Hunt for security threats and identify threat actor groups and their techniques, tools and processes (hypothesis-based hunting).
  • Ability to track, analyse, and brief on new and ongoing cyber-attacks, with an understanding of identity and popular authentication/authorization protocols.
  • Provide expert analytic investigative support to analysts for complex security incidents.
  • Strong understanding of the attacker mindset and the ability to apply defensive tactics to protect against it.
  • Experience with offensive security, including tools such as Metasploit, exploit development, Open-Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks.
  • Experience with advanced persistent threats and human adversary compromises.
  • Perform analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors, uncovering the unknown about internet threats and threat factors.
  • Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyse log data to detect active threats within the network. Build, document and maintain a comprehensive model of relevant threats to the organization.
  • Deliver weekly/monthly tactical briefings to the organization on threat observations and findings, including threats to the industry.
  • Keep up to date with information security news, vulnerabilities, tools, techniques, exploits and trends.
  • Proactively identify potential threat vectors and work with the engineering team to improve prevention and detection methods.
  • Identify and propose automated alerts for new and previously unknown threats.
