Job Description:
We are searching for a Lead Analyst who will be responsible for monitoring, reporting, and escalating events to our L3 team. The primary function of this position is to monitor the analytics tools, manage alerts and perform initial incident qualification, including console monitoring of the EDR and triage of the alerts it raises. This role reports to the Head of Threat Management.
Responsibilities:
• Apply deep technical knowledge of Windows, Linux, databases, networks, proxies, email gateways and other security solutions.
• Take the necessary actions per the agreed SOP, including containment, remediation and eradication actions in the EDR, NDR and email gateway.
• Identify gaps in the detection use cases that cover MITRE ATT&CK TTPs and recommend a plan to close them.
• Perform assessments of customer infrastructure to identify threats to digital assets and share recommendations.
• Develop hunt queries based on the most abused TTPs and share them with the team for threat hunting.
• Escalate EDR, NDR and email security gateway (ESG) alerts to the customer via the ITSM tool.
• Build new detection use cases across multiple log sources to detect suspicious activity.
• Fine-tune EDR, NDR and email gateway alerts and rules.
• Perform detailed technical reviews of the products customers use and recommend how best to use them.
• Identify ongoing threats and propose solutions to be implemented.
• Generate, review and present monthly EDR, NDR and ESG reports to clients.
• Perform daily health checks of EDR, NDR and ESG components and verify that endpoints are reporting in.
• Deploy endpoint agents, apply agent updates and troubleshoot issues.
• Coordinate with OEM vendors on product-related issues.
• Review and test new EDR, NDR and ESG features monthly.
• Handle multiple EDR, NDR and ESG solutions.
• Track and update incidents and requests based on client updates and analysis results.
• Work in close coordination with the SOC team.
• Undertake the first stages of false-positive and false-negative analysis.
• Log client requests and change requests properly in the ITSM tool.
• Make recommendations for enhancing system security and processes.
• Contribute to continuous tool improvement, process improvement and quality control.