Cyber MS MDR-GS Analyst -TMO
Bangalore, Karnataka, India
We are seeking a motivated and enthusiastic individual to join our Security Operations Center as a Level 1 SOC Analyst. This entry-level position is perfect for recent graduates or professionals new to the field of cyber security, looking to develop their skills and gain practical experience in a dynamic and challenging environment. You will be part of a team responsible for monitoring and analyzing our security posture, responding to alerts, and participating in incident response activities.
We are currently seeking a Security Associate for our KPMG Managed Services (Spectrum) practice to join us in our Bangalore office.
Note : Candidate must be willing to Work from Office only (Bangalore Location) & willing to do 24x7 rotational shift (Mandatory requirement for this role)
- You will be working as a Level 1 SOC Analyst in KPMG’s expanding Security Operations practice.
- Basic understanding of network protocols, security principles, and security technologies (e.g., firewalls, IDS/IPS, antivirus, etc.).
- Demonstrated strong oral and written communication and client facing skills
- Flexibility to adapt to different types of engagement, working hours, work environments, and locations
- Proven ability to work creatively and analytically in a problem-solving environment
- Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
- Be comfortable working against deadlines in a fast-paced environment
- Identify issues, opportunities for improvement, and communicate them to an appropriate senior member
- You will get a chance to learn new skills, earn certifications, and work with some of our key alliance partners, including some of the largest security vendors in the industry.
- You will be working in a dynamic environment and engage with leading companies around the world.
Specifically, Security Analysts (L1) will:
1. Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise, using all available security logs and intelligence sources, including but not limited to:
a. Firewalls
b. Systems and Network Devices
c. Web Proxies
d. Intrusion Detection/Prevention Systems
e. Data Loss Prevention
f. EDR / Antivirus Systems
g. Knowledgebase Framework (Confluence)
2. Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:
a. SIEM alert queue
b. Security email inbox
c. Intel feeds via email and other sources (e.g. NH-ISAC)
d. Incident Ticketing queue (IT Security group)
3. Validate alerts as they come in to eliminate false positives, and use other internal and external data sources to enrich alerts with additional context
4. Perform triage of service requests from customers and internal teams
5. Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
6. Assist with containment of threats and remediation of environment during or after an incident
7. Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers
8. Document event analysis and write comprehensive reports of incident investigations
9. Proactively improve security-related operational processes and procedures
10. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools
11. Maintain operational shift logs with relevant activity from the Analyst’s shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis
12. Update/reference knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest of daily intelligence reports and previous shift logs
Responsibilities:
- Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
- Demonstrated strong analytical and communications skills
- Knowledge of various security tools, their functions, and comparisons
- Knowledge of network and cloud security fundamentals
- Strong, adaptable, and flexible work ethic
- Good time management skills
- Ability to work under pressure and prioritize activities
Required skills:
- 0-1 years of technical experience in Information Security
- Excellent written and verbal communication skills.
- Experience with SIEM tools (QRadar, Splunk, LogRhythm, SolarWinds, etc.)
- Experience in Microsoft Sentinel
- Familiarity with common IDS/IPS and firewalls (Snort, Cisco, FortiGate, Sourcefire)
- Familiarity with incident response process and activities
- Familiarity with the TCP/IP protocol suite and the OSI seven-layer model
- Knowledge of Windows, Unix-based systems, architectures, and network security devices
- Intermediate level of knowledge of LAN and WAN technologies
- Must have a solid understanding of information technology and information security domains
- Knowledge of security best practices and concepts
- Desired certifications: Security+, C|EH, Network+ or any Microsoft Security domain certifications
- Familiarity with ticketing tool / ITSM tool
- Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations