SecurityHQ

Lead Analyst

Pune, MH, IN


Summary

Job Description

We are searching for a Lead Analyst who will be responsible for monitoring, reporting, and escalating events to our L3 team. The primary function of this position is to monitor the analytics tools, perform alert management and initial incident qualification, and monitor the EDR console and triage the alerts raised in it. This role reports to the Head of Threat Management.

Responsibilities

  • Apply deep technical knowledge of Windows, Linux, databases, networks, proxies, email gateways and other security solutions.
  • Take the necessary actions based on the agreed SOP, including containment, remediation and eradication actions in EDR, NDR and email gateways.
  • Identify gaps in use cases for detecting MITRE ATT&CK TTPs and plan recommendations accordingly.
  • Perform assessments of customers' infrastructure to identify threats to their digital assets and share recommendations accordingly.
  • Develop hunt queries based on the most abused TTPs and share them with the team to perform threat hunting.
  • Escalate EDR, NDR and ESG alerts to the customer via ITSM.
  • Build new use cases using multiple log sources to detect suspicious activity.
  • Fine-tune EDR, NDR and email gateway alerts and rules.
  • Perform detailed technical reviews of the products used by customers and recommend best usage.
  • Identify ongoing threats and possible solutions to be implemented.
  • Generate, review and present monthly EDR, NDR and ESG reports to clients.
  • Perform daily EDR, NDR and ESG component health checks and report endpoint status.
  • Handle endpoint deployment, agent updates and troubleshooting.
  • Coordinate with OEM vendors on product-related issues.
  • Review and test new EDR, NDR and ESG features monthly.
  • Handle multiple EDR, NDR and ESG solutions.
  • Track and update incidents and requests based on clients' updates and analysis results.
  • Work in close coordination with the SOC team.
  • Undertake the first stages of false positive and false negative analysis.
  • Properly log client requests and change requests in the ITSM tool.
  • Make recommendations for enhancing system security and processes.
  • Contribute to continuous tool improvement, process improvement and quality control.

Location

Pune, India

Essential Skills

  • Good knowledge of the MITRE ATT&CK framework and its attack vectors.
  • Knowledge of and hands-on experience with content creation, such as custom rules, signatures, IOAs, YARA rules, etc.
  • Good communication skills.
  • Experience with Security Information and Event Management (SIEM) tools with basic analyst knowledge.
  • Knowledge of basic networking and security concepts.
  • Knowledge of the basic incident handling process.
  • Good API knowledge.
  • Good understanding of EDR, NDR and email gateway telemetry.
  • XDR knowledge will be an advantage.
  • Experience with automation playbooks.

Education Requirements & Experience

  • Any Bachelor's or Master's degree holder.
  • Minimum of 5-6 years of experience with the above products, preferably in an MSSP SOC environment.
  • Certifications: CISSP / SANS GSEC / ECSA / ECSP / BTL1 / Security+ / any EDR-related certification.
