Security Analyst

Bengaluru, Karnataka, India - Remote

ProArch

At ProArch, we help our clients accelerate growth and mitigate risk with IT services, cybersecurity services, application development, cloud computing, and data analytics.


ProArch is a global IT consulting firm providing Security, Data, Application Dev, and Cloud services. Offices are located in the US, UK and India.

Are you passionate about cybersecurity and eager to make a difference? Join our Security Operations Center (SOC) as a Security Analyst I (SOC). In this role, you'll be at the forefront of monitoring, detecting, and responding to security incidents. With 2-3 years of experience in cybersecurity, you'll bring your strong understanding of security principles and excellent analytical skills to our fast-paced environment. You'll work closely with our team to ensure effective incident response and resolution, contributing to the continuous improvement of our SOC processes and procedures. If you're ready to take your career to the next level and be part of a dynamic and challenging environment, we encourage you to apply!

Communication skills are essential, as you will be the technical escalation point for the SOC team. You'll need to act proactively to ensure smooth security operations and effective collaboration during your shift. A key outcome of this position is to continuously improve the efficiency and quality of the Security Operations Center. Adhering to the documented processes and procedures is an important aspect of successful SOC operations.

Requirements

JOB RESPONSIBILITIES

  • SOC Dashboard Monitoring.
  • First response to alerts generated by the security solutions ingested into the SIEM/SOAR tool.
  • Verifying the facts and enriched data in incidents using the SOAR platform.
  • Preliminary triage based on the facts from the SOAR.
  • Sending email notifications for Medium and lower priority alerts to the client for confirmation on potentially false or benign alerts.
  • Helping seniors with triage, evidence collection, incident documentation, etc.
  • Reporting to the Shift Lead about the alerts handled during the shift and updating the SHO Sheet.
  • Escalating incidents that look like possible true positives after preliminary triage, using the escalation workflow.
  • Identifying recurring false-positive alerts and notable patterns from daily alert monitoring.
  • Reporting any tool outages or monitoring downtime during one's own shift to the Shift Lead or Leads as soon as possible.
  • Performing monthly maintenance and health-check tasks for the security monitoring and response tools.
  • Develop, test, and fine-tune detection rules and use cases based on log sources, threat intelligence, attack patterns, and client requirements.
  • Identify emerging threats and incorporate them into use-cases for alerts and detections.
  • Optimize and refine alert thresholds and logic to minimize false positives and enhance detection accuracy.
  • Leverage expertise in Microsoft 365 Defender/Defender XDR, Microsoft Defender for Endpoint, Defender for Office 365 and Entra ID Protection to improve overall threat detection and response.
  • Analyze security logs and telemetry data for signs of compromise, anomalous activities, or malicious behavior.
  • Prioritize the work effectively and handle shifting priorities professionally.
  • Work closely with cross-functional teams (IT, Cloud Operations, Application Development) to mitigate security risks and improve SOC capabilities.
  • Create detailed incident reports and post-incident analysis reports to communicate findings and recommendations to technical and non-technical stakeholders.
  • Contribute to continuous improvement of SOC processes, including SOPs, playbooks, runbooks, and escalation procedures.
  • Stay updated with the latest threat landscape, vulnerabilities, and attack methods.
  • Share knowledge and insights with other SOC analysts and participate in team knowledge-sharing sessions.
  • Participate in red/blue team exercises to test and improve detection and response capabilities.

TECHNICAL SKILLS

Candidates should have a minimum of 2 years of relevant experience in a Cyber Security Operations Center. To be successful, this position will require the candidate to have expertise in the following areas:

  • Strong understanding of cybersecurity principles and best practices.
  • Proficiency in using security monitoring tools and technologies.
  • Excellent analytical and problem-solving skills.
  • Strong communication skills, both written and verbal.
  • Ability to work effectively in a team environment.
  • Attention to detail and a proactive approach to identifying and addressing security issues.
  • Experience working with Security Information and Event Management (SIEM) systems, preferably Microsoft Sentinel.
  • Knowledge of network security, endpoint security, identity protection and cloud security.
  • Familiarity with incident response frameworks and methodologies.
  • Knowledge of Microsoft Sentinel KQL (Kusto Query Language) for custom queries and rule creation is preferred.
  • Familiarity with how SOAR (Security Orchestration, Automation and Response) works and the ability to design workflows that can be used for automating SOC responses.
  • Knowledge of security frameworks such as MITRE ATT&CK.
  • Industry knowledge and experience in Managed Detection and Response (MDR) technologies.
  • Experience working in a Managed Security Operations or Security Team is preferred.
  • Knowledge of ITIL Foundation Framework.
  • Experience or knowledge of the Microsoft Security and Compliance tools is preferred: Microsoft Sentinel, Defender for Endpoint, Defender for Office 365, Entra ID Identity Protection, Defender for Identity, Defender for Cloud Apps, Defender for Cloud, Defender XDR, Defender for IoT, Entra ID & Intune, Microsoft Purview, IRM, DLP, Insider Risk.
  • Experience with CrowdStrike EDR and/or Identity Protection (IDP) is highly desirable.
  • Knowledge of or experience handling OT security alerts is desirable.
  • Working knowledge of a vulnerability management tool.
  • Security awareness training using tools such as KnowBe4.
  • Knowledge of privacy and compliance frameworks such as HIPAA, GDPR and SHIELD is desirable.
  • Outstanding written, verbal, technical and non-technical communication and presentation skills.
  • Self-directed, with the ability to prioritize and handle SOC operations and the alert inflow.
  • Eager learner, continually improving skill sets, earning certifications and gaining industry knowledge.
  • 95% of our clients are in the USA, so a good command of the English language is a must.

EDUCATION AND CERTIFICATION

  • Bachelor’s degree in computer science/engineering/IT/Computer Applications or significant demonstrable experience in IT Security / IT.
  • Good to have any of these Microsoft Certifications: SC-200, SC-900, AZ-500, SC-300, SC-400.
  • Relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH) are preferred.

Perks/benefits: Career development

Regions: Remote/Anywhere Asia/Pacific
Country: India
