Cyber MS MDR - L1

Function: KGS Response Team

Position: Level 1 Security Analyst/Associate Consultant

Location: Bangalore

Roles and Responsibilities

The primary role of a Security Analyst (L1) is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, these analysts will be responsible for monitoring the SIEM tools for security events and closing or escalating those events as necessary. Security Analysts maintain the group email address and distribution lists,and update all relevant documentation such as shift logs and tickets. Additionally, assist the MDR Analyst in an incident workflow and assist the MDR team in incident detection, remediation and communicate with external teams in proper incident resolution. 

Specifically, Security Analysts (L1) will:

1. Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise using all available security logs and intelligence sources to include but not limited to:
   1. Firewalls
   2. Systems and Network Devices
   3. Web Proxies
   4. Intrusion Detection/Prevention Systems
   5. Data Loss Prevention
   6. EDR / Antivirus Systems
   7. Knowledgebase Framework (Confluence)
2. Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:

• SIEM alert queue
• Security email inbox
• Intel feeds via email and other sources (e.g. NH-ISAC)
• Incident Ticketing queue (IT Security group)

1. Validate alerts as they come in to eliminate false positives and use other internal and external data sources to enrich alerts with additional context 
2. Perform triage of service requests from customers and internal teams
3. Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
4. Assist with containment of threats and remediation of environment during or after an incident
5. Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers
6. Document event analysis and write comprehensive reports of incident investigations
7. Proactively improve security-related operational processes and procedures
8. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools
9. Maintain operational shift logs with relevant activity from the Analyst’s shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis 
10. Update/reference knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest of daily intelligence reports and previous shift logs
11. Conduct research and document events of interest within the scope of IT Security

Qualifications

• Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
• 0-1 years of prior MDR/SOC/Incident response experience
• Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
• Demonstrated strong oral and written communication and client facing skills
• Demonstrated strong analytical and communications skills
• Flexibility to adapt to different types of engagement, working hours, work environments, and locations
• Proven ability to work creatively, analytically in a problem-solving environment
• Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
• Be comfortable working against deadlines in a fast-paced environment
• Identify issues, opportunities for improvement, and communicate them to an appropriate senior member

Required skills:

• Familiarity with any SIEM tool (Qradar, Splunk, Logrhythm, Sentinel etc.)
• Familiarity with Email Security, especially, analysis for Phishing Emails.
• Familiarity with incident response process and activities
• Familiarity with TCP/IP protocol, OSI Seven Layer Model
• Must have a basic understanding of information technology, information security domains
• Knowledge of security best practices and concepts
• Desired certifications: ISC2 CC (ISC2 Cyber Security), Security+, C|EH, Network+, ECIH (EC Council’s Incident Handler)
• Familiarity with ticketing tool / ITSM tool
• Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations

Function: KGS Response Team

Position: Level 1 Security Analyst/Associate Consultant

Location: Bangalore

Roles and Responsibilities

The primary role of a Security Analyst (L1) is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, these analysts will be responsible for monitoring the SIEM tools for security events and closing or escalating those events as necessary. Security Analysts maintain the group email address and distribution lists,and update all relevant documentation such as shift logs and tickets. Additionally, assist the MDR Analyst in an incident workflow and assist the MDR team in incident detection, remediation and communicate with external teams in proper incident resolution. 

Specifically, Security Analysts (L1) will:

1. Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise using all available security logs and intelligence sources to include but not limited to:
   1. Firewalls
   2. Systems and Network Devices
   3. Web Proxies
   4. Intrusion Detection/Prevention Systems
   5. Data Loss Prevention
   6. EDR / Antivirus Systems
   7. Knowledgebase Framework (Confluence)
2. Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:

• SIEM alert queue
• Security email inbox
• Intel feeds via email and other sources (e.g. NH-ISAC)
• Incident Ticketing queue (IT Security group)

1. Validate alerts as they come in to eliminate false positives and use other internal and external data sources to enrich alerts with additional context 
2. Perform triage of service requests from customers and internal teams
3. Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
4. Assist with containment of threats and remediation of environment during or after an incident
5. Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers
6. Document event analysis and write comprehensive reports of incident investigations
7. Proactively improve security-related operational processes and procedures
8. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools
9. Maintain operational shift logs with relevant activity from the Analyst’s shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis 
10. Update/reference knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest of daily intelligence reports and previous shift logs
11. Conduct research and document events of interest within the scope of IT Security

Qualifications

• Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
• 0-1 years of prior MDR/SOC/Incident response experience
• Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
• Demonstrated strong oral and written communication and client facing skills
• Demonstrated strong analytical and communications skills
• Flexibility to adapt to different types of engagement, working hours, work environments, and locations
• Proven ability to work creatively, analytically in a problem-solving environment
• Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
• Be comfortable working against deadlines in a fast-paced environment
• Identify issues, opportunities for improvement, and communicate them to an appropriate senior member

Required skills:

• Familiarity with any SIEM tool (Qradar, Splunk, Logrhythm, Sentinel etc.)
• Familiarity with Email Security, especially, analysis for Phishing Emails.
• Familiarity with incident response process and activities
• Familiarity with TCP/IP protocol, OSI Seven Layer Model
• Must have a basic understanding of information technology, information security domains
• Knowledge of security best practices and concepts
• Desired certifications: ISC2 CC (ISC2 Cyber Security), Security+, C|EH, Network+, ECIH (EC Council’s Incident Handler)
• Familiarity with ticketing tool / ITSM tool
• Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations

Function: KGS Response Team

Position: Level 1 Security Analyst/Associate Consultant

Location: Bangalore

Roles and Responsibilities

The primary role of a Security Analyst (L1) is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures. Specifically, these analysts will be responsible for monitoring the SIEM tools for security events and closing or escalating those events as necessary. Security Analysts maintain the group email address and distribution lists,and update all relevant documentation such as shift logs and tickets. Additionally, assist the MDR Analyst in an incident workflow and assist the MDR team in incident detection, remediation and communicate with external teams in proper incident resolution. 

Specifically, Security Analysts (L1) will:

1. Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise using all available security logs and intelligence sources to include but not limited to:
   1. Firewalls
   2. Systems and Network Devices
   3. Web Proxies
   4. Intrusion Detection/Prevention Systems
   5. Data Loss Prevention
   6. EDR / Antivirus Systems
   7. Knowledgebase Framework (Confluence)
2. Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:

• SIEM alert queue
• Security email inbox
• Intel feeds via email and other sources (e.g. NH-ISAC)
• Incident Ticketing queue (IT Security group)

1. Validate alerts as they come in to eliminate false positives and use other internal and external data sources to enrich alerts with additional context 
2. Perform triage of service requests from customers and internal teams
3. Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
4. Assist with containment of threats and remediation of environment during or after an incident
5. Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers
6. Document event analysis and write comprehensive reports of incident investigations
7. Proactively improve security-related operational processes and procedures
8. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools
9. Maintain operational shift logs with relevant activity from the Analyst’s shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis 
10. Update/reference knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest of daily intelligence reports and previous shift logs
11. Conduct research and document events of interest within the scope of IT Security

Qualifications

• Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
• 0-1 years of prior MDR/SOC/Incident response experience
• Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
• Demonstrated strong oral and written communication and client facing skills
• Demonstrated strong analytical and communications skills
• Flexibility to adapt to different types of engagement, working hours, work environments, and locations
• Proven ability to work creatively, analytically in a problem-solving environment
• Ability to work nights, weekends, and/or holidays in the event of an incident response emergency
• Be comfortable working against deadlines in a fast-paced environment
• Identify issues, opportunities for improvement, and communicate them to an appropriate senior member

Required skills:

• Familiarity with any SIEM tool (Qradar, Splunk, Logrhythm, Sentinel etc.)
• Familiarity with Email Security, especially, analysis for Phishing Emails.
• Familiarity with incident response process and activities
• Familiarity with TCP/IP protocol, OSI Seven Layer Model
• Must have a basic understanding of information technology, information security domains
• Knowledge of security best practices and concepts
• Desired certifications: ISC2 CC (ISC2 Cyber Security), Security+, C|EH, Network+, ECIH (EC Council’s Incident Handler)
• Familiarity with ticketing tool / ITSM tool
• Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations