Security Analyst L3

Employer Active

1 Vacancy
Jobs by Experience

5 years

Job Location

Hyderabad - India

Salary

Not Disclosed

Job Description

Position : Security Analyst L3

Location : Hyderabad

Experience : 6+ years of SOC-related work experience

Job responsibilities :

- Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate
- Gather, analyze, and disseminate threat intelligence from various internal and external sources.
- Conduct proactive threat hunting activities to identify advanced threats that may evade existing security controls
- Support malware analysis, host and network log analysis, and triage in support of incident response, and coordinate with internal & external stakeholders to contain and remediate threats
- Responsible for monitoring and detection analysis through various input tools and systems (SIEM, IDS / IPS, Firewalls, EDR, etc.)
- Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls
- Provide support for complex system/network exploitation and defense techniques, including deterring, identifying, and investigating system and network intrusions
- Maintain and improve the security technologies deployed, including creating use cases and customizing or better configuring the tools based on past and current threats
- Monitor the threat/vulnerability landscape and security advisories, and act on them as appropriate
- Continuously monitor the security alerts and escalation queue, and triage security alerts
- Monitor and tune the SIEM (content, parsing, maintenance)
- Monitor Cloud infrastructure for security-related events
- Deliver scheduled and ad-hoc reports
- Develop and coach L1/L2 analysts
- Author Standard Operating Procedures (SOPs) and training documentation
- Work the full ticket lifecycle; handle every step of the alert, from detection to remediation
- Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
- Perform threat-intel research, learn new attack patterns, and actively participate in security forums.

Qualification :

- Bachelor's degree in Engineering or closely related coursework in technology development disciplines
- Certifications like CISSP, CEH, CISM, GCIH, GCIA are desirable
- Experience with the following or related tools : SIEM tools such as Splunk, IBM QRadar, Securonix; case management tools such as Swimlane, Phantom, etc.; EDR tools such as CrowdStrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc.; network analysis tools such as Darktrace, FireEye, NetWitness, Panorama, etc.

Desired Skills :

- Full understanding of SOC L1 and L2 responsibilities/duties and how those duties feed into L3. The ability to take the lead on incident research when appropriate and to mentor junior analysts.
- Advanced knowledge of TCP/IP protocols and event log analysis
- Strong understanding of Windows, Linux and networking concepts
- Experience analyzing both log and packet data, including the use of Wireshark, tcpdump and other capture/analysis tools
- Good understanding of security solutions including SIEMs, web proxies, EDR, firewalls, VPN, authentication, encryption, IPS/IDS, etc.
- Functional understanding of Cloud environments
- Ability to conduct research into IT security issues and products as required
- Experience working in a TAT-based IT security incident resolution practice and knowledge of ITIL
- Knowledge of and experience with scripting and programming (Python, Perl, etc.) are also highly preferred
- Malware analysis and reverse engineering are a plus




Employment Type

Full Time
