Responsibilities
Security Operations Centre T5 - Experience 10 yrs.
- Ready to work in a 24/365 environment with rotating shifts.
- Must have hands-on experience in handling security incident investigations and response in cloud environments (AWS, Azure). The role involves monitoring, investigating end-to-end and responding to real-time security incidents targeting cloud infrastructure, services and applications.
- Strong cloud platform proficiency: should be well versed with platforms like AWS and Azure, which is essential for dealing with security incidents in the cloud.
- Should utilize the SIEM and other cloud log sources to analyze logs and identify anomalies.
- Continuously monitor and respond promptly to cloud and on-prem security incidents.
- Help resolve high-priority incidents and act as the focal point for team members for technical escalations.
- Understand the root cause and prepare a summary report when required.
- Proactively take indicators from the current threat landscape and use them for threat hunting and/or control or detection recommendations.
- Document and guide the team on appropriate prioritization of qualified incidents, alert triage and qualification of alerts into incidents or false positives.
- Splunk:
  - Basic understanding of and exposure to Splunk; should be able to query and pull out the required logs.
  - Ability to understand correlation searches and analyze the required logs for investigations.
  - Ability to create required dashboards, reports and searches.
- Should act as the single point of contact for the team for cloud security incidents (including data breaches / exfiltration, malware, etc.).
- Should be proficient at investigating intrusion attempts and performing in-depth analysis of exploits.
- Responsible for malware analysis, investigating events similar in complexity to Bash attempts and SQL injections.
- Must have worked extensively on phishing incidents. Should have good exposure to a SIEM, preferably Splunk.
- Should have expertise in TCP/IP network traffic and event log analysis. Cloud and network security: understanding protocols and cloud architecture is crucial for incident investigation and response.
- Ability to perform critical analysis, resolve issues independently and differentiate false positives.
- Should be able to contribute to response activities (containment and mitigation) to address potential security incidents / breaches effectively, minimizing the impact on operations, and recommend changes to security systems to improve the existing security posture.
- Cross-collaborate with other IT teams to ensure a coordinated response to security incidents.
- Should help develop documentation, including SOPs, playbooks and runbooks.
- Ensure the quality and accuracy of junior analysts' tickets by completing ticket reviews.
- Research security trends and the new methods and techniques used in unauthorized access to data, in order to proactively eliminate the possibility of a system breach and to ensure compliance with regulations and privacy laws.
- Keep abreast of cyber threat advisories on global threats and critical vulnerabilities; recommend actions to be taken based on the environment.
Qualifications
Nice to have:
- Familiarity with basic system administration and scripting languages, e.g. PowerShell, batch, bash (and its various flavors / variations), and other programming / query languages like Java and Python.
- AWS Certified Security - Specialty
- GCIH - GIAC Certified Incident Handler
Skills Required
Java, PowerShell, SIEM, Splunk, Azure, Python, AWS