Cyber MS MDR - Assistant Manager

Bangalore, Karnataka, India


KPMG India


Function: KGS Response Team

Position: Level 2 Security Consultant

Location: Bangalore

Roles and Responsibilities

The primary role of a Security Analyst (L2) is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, these analysts will be responsible for monitoring the SIEM tools for security events and closing or escalating those events as necessary.

The candidate must also possess knowledge of threat hunting strategies and of analyzing threat intelligence to derive useful conclusions and/or recommendations for the client.

Additionally, the analyst will assist the MDR Analyst with the incident workflow (detection and remediation) and communicate with external teams to ensure proper incident resolution. We are currently seeking a Senior Security Associate for our KPMG Managed Services (Spectrum) practice to join us in our Bangalore/Pune office.

Note: Candidate must be willing to work from office only (Bangalore location) and willing to do 24x7 rotational shifts (mandatory requirement for this role).

Specifically, Security Analysts (L2) will:

  • Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise, using all available security logs and intelligence sources, including but not limited to:
      • Firewalls (Zscaler, Cisco ASA, Palo Alto, etc.)
      • Systems and Network Devices
      • Web Proxies (Zscaler)
      • Intrusion Detection/Prevention Systems (Zscaler, Cisco ASA, Palo Alto, etc.)
      • Data Loss Prevention (Zscaler)
      • Microsoft Suite (Microsoft Defender for Identity, Defender for Cloud, Defender for Office 365)
      • Email Security Solutions such as O365, Proofpoint, Abnormal Security, etc.
      • EDR / Antivirus Systems (SentinelOne, CrowdStrike, MDE, etc.)
  • Lead small hunt teams to design and prototype new ways to identify malicious activity in systems and networks, and:
      • Document and communicate threat hunting methodologies and findings.
      • Identify, research, and prioritize threat actor behaviors for hunting across the enterprise.
      • Train and mentor other team members in the technical, procedural, and communication skills related to threat hunting.
      • Develop, maintain, and revise operational threat hunting procedures and documentation.
  • Should have exposure to at least 2 of the following CTI sources: CrowdStrike TI, Recorded Future, VT Intelligence, Intel471, etc.
  • Have excellent communication skills, lead discussions of findings with clients, and be able to explain the findings while suggesting the best recommendations.
  • Holistic understanding of adversary tactics, attack vectors, current threats, and remediation strategies.
  • Continuously monitor SIEM and logging environments for security events and alerts indicating threats, intrusions, and/or compromises, including:
      • SIEM queue management (Splunk, Microsoft Sentinel, etc.) across data sources such as Network/Endpoint/Firewall logs
      • Security email inbox (Proofpoint, Rapid7, Area1, etc.)
      • Intel feeds via email and other sources (e.g. NH-ISAC)
      • Incident Ticketing queue (ServiceNow)
  • Validate alerts as they come in to eliminate false positives, and use other internal and external data sources to enrich alerts with additional context
  • Perform triage of service requests from customers and internal teams
  • Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
  • Assist with containment of threats and remediation of environment during or after an incident
  • Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers
  • Document event analysis and write comprehensive reports of incident investigations
  • Proactively improve security-related operational processes and procedures
  • Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools (Splunk & Microsoft Sentinel)
  • Maintain operational shift logs with relevant activity from the Analyst’s shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis
  • Update/reference knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest of daily intelligence reports and previous shift logs
  • Conduct research and document events of interest within the scope of IT Security
  • Alternatively, consulting or advisory experience in Security Operations
  • Monitor and analyse Intrusion Detection Systems (IDS), Anomaly Detection Systems (ADS), Firewall event logs, Security Incident and Event Management (SIEM) toolset and other event logs to identify security attacks and threats for remediation/suppression.
  • Validate IOCs that triggered the original alert.
  • Research additional internal and external data sources for additional enrichment of event information
  • Determine when an event has reached the threshold of an incident and engage Incident Response Handler to declare an incident.
  • Create filters, data monitors, dashboards, and reports within monitoring utilities.
  • Troubleshoot security monitoring devices to improve event correlation and performance.
  • Handle high and critical severity incidents as described in the operations playbook.
  • Operational level experience in some of these domains (not all): security engineering, alert triaging, rule writing, incident response, DFIR, threat intelligence and management, vulnerability management, and security control testing
  • In-depth knowledge of at least one SIEM platform or security data lake and related processes
  • Knowledge of various security tools, their functions, and comparisons
  • Knowledge of network and cloud security fundamentals
  • Ability to explain complex technical concepts in business terms.
  • Extensive experience in report writing and presentation.
  • Strong, adaptable, and flexible work ethic
  • Good time management skills
  • Ability to work under pressure and prioritise activities

Qualifications

  • Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
  • 5+ years of prior technical MDR/SOC/incident response experience
  • 3+ years of Threat Hunting and exposure to multiple CTI tools & platforms
  • Demonstrated technical knowledge of current network security, network hardware, protocols, and standards required
  • Shall have demonstrated professional experience in incident detection and response, malware analysis, or cyber forensics
  • Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
  • Demonstrated strong oral and written communication and client facing skills
  • Demonstrated strong analytical and communications skills
  • Flexibility to adapt to different types of engagement, working hours, work environments, and locations
  • Proven ability to work creatively, analytically in a problem-solving environment
  • Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
  • Be comfortable working against deadlines in a fast-paced environment
  • Identify issues, opportunities for improvement, and communicate them to an appropriate senior member
Required skills:

  • 6+ years of technical experience in Information Security
  • Experience with SIEM tools (QRadar, Splunk, LogRhythm, SolarWinds, etc.)
  • Experience in Azure Sentinel
  • Familiarity with common IDS/IPS and firewalls (Snort, Cisco, FortiGate, Sourcefire)
  • Familiarity with incident response process and activities
  • Familiarity with TCP/IP protocol, OSI Seven Layer Model
  • Knowledge of Windows, Unix-based systems, architectures, and network security devices
  • Intermediate level of knowledge of LAN and WAN technologies
  • Must have a solid understanding of information technology, information security domains
  • Knowledge of security best practices and concepts
  • Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware
  • Familiarity with ticketing / ITSM tools
  • Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations

Perks/benefits: Flex hours Team events

Region: Asia/Pacific
Country: India