Senior Analyst

Mumbai, Maharashtra, India


Roles and Responsibilities:

  • Oversee the planning, execution and management of cyber command centre operations
  • Serve as a subject matter expert (SME) for performing security and threat assessments and preparing mitigation plans
  • Manage a team of individuals and vendors supporting the cyber command centre, which is built to protect data across the enterprise
  • Monitor networks for signs of adversarial activity as a key member of the cyber command centre
  • Develop and update incident response playbooks so that response activities align with best practices, minimise gaps in response and provide comprehensive mitigation of threats
  • Monitor, analyse and detect security events and incidents as per the defined policies
  • Manage, tune and optimise the SIEM tool (AlienVault / LogRhythm), including evaluating existing rules, filters, events and use cases against the business requirement
  • Provide recommendations to optimise security controls such as IDS / IPS, endpoint security, vulnerability management and Symantec data loss prevention (DLP)
  • End-to-end management of DLP and VAPT incidents, tasks and reporting
  • Ensure strict implementation of configuration management (device hardening controls)
  • Handle escalated security incidents / issues and be responsible for deep-dive analysis of escalated incidents, threat hunting and malware analysis
  • Identify opportunities for continuous improvement in security operations
  • Ensure service level agreements are met and processes are followed

Technical and Functional Knowledge:

  • Experience and good knowledge of network security technologies such as firewalls, IPS/IDS, SIEM, DDoS protection, proxies, WAF, VAPT, IBM AppScan and Nessus
  • Experience and good knowledge of endpoint security technologies such as anti-malware and EDR, and data protection technologies such as DLP and data encryption
  • Knowledge of networking technologies such as routers, switches and load balancers
  • Experience working in dynamic SOC environments with SOC tooling such as AlienVault, LogRhythm, Sourcefire IPS/IDS, Cisco AMP, Digital Guardian and Proofpoint
  • Experience with VA / penetration testing tools such as Burp Suite Pro, Nmap, Metasploit, Wireshark, OWASP ZAP, sqlmap, Aircrack-ng, an Alfa external wireless card and hping
  • Good network security knowledge: TCP/IP, Linux, Windows, etc.

People Management and Personality Traits:

  • Work with SOC manager for creating new operational guidelines, processes and procedures
  • Act as the last point of escalation for SOC team, and assist with handing out work assignments to the team members
  • Serve as primary operational contact with client and management in the absence of the manager
  • Guide and mentor the reporting manager and analysts in the investigation and mitigation of security threats and incidents
  • Develop and mentor staff by providing opportunity of growth through delegation, training and assignment of various projects
  • Strong team player and ability to work in a challenging and constantly changing environment.
  • Strong customer focus with an understanding of client expectations
  • Strong communication, writing and interpersonal skills
  • Proficiency with case management and ticketing systems
  • Good written and verbal communication
  • Team management experience
  • At least 6 years of overall IT/Security experience
  • Minimum 3-4 years of experience in security
  • Knowledge of SIEM deployment and maintenance; awareness of VAPT basics, with hands-on experience a plus
  • Knowledge of DLP and EDR solutions and operational experience of handling those tools.
  • Experience of audit and compliance activities will be a plus.
  • Must have experience preparing and presenting reports and dashboards and managing projects, e.g. SIEM/EDR/DLP deployments

Category: Analyst Jobs

Tags: Aircrack AlienVault Burp Suite Compliance DDoS EDR Encryption Endpoint security Firewalls IDS Incident response IPS Linux LogRhythm Malware Metasploit Monitoring Nessus Network security Nmap OWASP SIEM SOC Sourcefire TCP/IP Vulnerability management Windows

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
