As an L3 Security Analyst, you will play a critical role in our Security Operations Center (SOC). You will lead advanced security monitoring incident response, threat intelligence, vulnerability management and email security. Your expertise will help protect our organization and customer’s information from sophisticated cyber threats. Your proactive approach to threat hunting will help identify potential vulnerabilities before they can be exploited.
Key Responsibilities:
- Leading efforts to counter security breaches and anticipating and reducing the likelihood of future security alerts, incidents, and disasters.
- Conduct vulnerability management and risk analyses to assess security.
- Analyzing security breaches to identify the cause and to update incidence responses and disaster recovery plans.
- Triage alerts originating from security tools, such as intrusion detection/prevention systems, security information and event management (SIEM), firewalls and host-based security systems.
- Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
- Investigate reported phishing emails malicious files / URLs and take appropriate action.
- Assist with incident tracking and documentation.
- Stay current on emerging threats and vulnerabilities to aid in the identification of incidents.
- Provide users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.
- Required to work flexible timings.
Experience & Education Requirements:
- Should have experience of 5+ years in SOC as an L3 analyst.
- Awareness of Information Security, compliance, and other security standard methodologies and principles, such as NIST CSF, MITRE ATT&CK, and CIS Controls.
- Hands-on experience with security data analysis, including UEBA, using analytic tools and other queries.
- Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint, Trend Micro.
- Experience with security tools such as Google Chronicle, Rapid7, Qualys VMDR, is preferred.
- Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.
- Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Office.
- Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee, or Symantec.
Nice to have :
- YARA \ KQL language
- AWS
- Service Now \ Jira
- A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail.
- A great analyser, trouble-shooter, and problem solver who understands security operations, programming languages, and architecture.