Cyber MS MDR - Assistant Manager

Bangalore, Karnataka, India

KPMG India

KPMG is a global network of professional firms providing Audit, Tax and Advisory services.


A Level 3 Security Analyst is a subject matter expert responsible for managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the L1 and L2 security teams. Level 3 team members will further an investigation and ensure that root cause, resolution, metrics, tracking, and lessons learned are compiled, documented, and disseminated in conjunction with the CSIRT process. They will provide insight and expertise to examine malicious code (malware), attack vectors, and network communication methods; analyze threats against target systems and networks; determine target network capabilities and vulnerabilities; support development and maintenance of new tools and techniques to exploit specific targets; and produce technical after-action reports in support of the SOC. Level 3 analysts will be the focal point for critical security events and incidents and will serve as subject matter experts in providing recommendations to the SOC Manager and other members of Information Security and IT management for escalation and remediation.

Note: Candidates must be willing to work from the office only (Bangalore location) and to work 24x7 rotational shifts (mandatory requirement for this role).

  • You will be working as a consultant in KPMG’s expanding Security Operations practice.
  • As a Security Operations consultant, you will help our clients in solving some of the key challenges faced by security operations leaders.
  • The work would involve advising our clients on Security Operations Strategy, Design, Maturity Assessment, and Optimization.
  • You will get a chance to learn new skills, earn certifications, and work with some of our key alliance partners, including some of the largest security vendors in the industry.
  • You will be working in a dynamic environment and engage with leading companies around the world.


Additionally, the Level 3 Analysts will:

  • Demonstrate proficiency in preparing client reports and good stakeholder management.
  • Possess good communication skills.
  • Validate IOCs that triggered the original alert.
  • Investigate intrusion attempts and perform in-depth analysis and correlation of network traffic, host-based alerts, and forensic images as needed. Conduct in-depth investigations of events that are escalated by Level 1 and Level 2 Analysts.
  • Research additional internal and external data sources for further enrichment of event information.
  • Determine when an event has reached the threshold of an incident and engage an Incident Response Handler to declare an incident.
  • Create filters, data monitors, dashboards, and reports within monitoring utilities.
  • Troubleshoot security monitoring devices to improve event correlation and performance.
  • Handle high and critical severity incidents as described in the operations playbook.
  • Ensure the events populated in the SIEM portals are addressed in a timely manner using available reporting and metrics.
  • Coordinate with SIEM Engineers to tune events and alerts.
  • Assist with Threat Hunting activities at the direction of one or more Incident Response Handlers.

Educational qualifications

  • Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field.
  • Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware.
  • Familiarity with a ticketing / ITSM tool such as ServiceNow or BMC Remedy.

Work experience

  • Overall, more than 9 years of prior MDR/SOC/Incident Response experience.
  • Mandatorily 6-8 years' experience with SIEM tools (Microsoft Sentinel, Splunk, etc.).
  • 6-8 years' experience with Incident Response activities.
  • Hands-on experience with O365 and exposure to EDR tools such as SentinelOne, CrowdStrike, Carbon Black, Microsoft Defender, etc.
  • Demonstrated professional experience in incident detection and response, malware analysis, or cyber forensics.
  • Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments.
  • Coordinate with SIEM Engineers to tune events and alerts.
  • Assist with Threat Hunting activities at the direction of one or more Incident Response Handlers.
  • Drive and monitor shift-related metrics processes ensuring applicable reporting is gathered and disseminated per SOC requirements.
  • Troubleshoot security monitoring devices to improve event correlation and performance.
  • Investigate intrusion attempts and perform in-depth analysis and correlation of network traffic, host-based alerts, and forensic images as needed. Conduct in-depth investigations of events that are escalated by Level 2 Analysts.
  • Demonstrated strong analytical and communications skills.
  • Flexibility to adapt to different types of engagement, working hours, work environments, and locations.
  • Proven ability to work creatively and analytically in a problem-solving environment.
  • Ability to work nights, weekends, and/or holidays in the event of an incident response emergency, and to manage shift schedules to ensure 24x7 coverage by support personnel.
  • Understand SIEM solution design and configuration.
  • Be comfortable working against deadlines in a fast-paced environment.
  • Identify issues, opportunities for improvement, and communicate them to an appropriate senior member.