Security Incident Monitoring Analyst

Position Overview:

The Security Incident Monitoring Analyst (L2) will play a crucial role in monitoring, detecting, and responding to security incidents to ensure the ongoing security of Axis Securities infrastructure and assets. This position requires a strong understanding of cybersecurity principles, excellent analytical skills, and the ability to effectively collaborate with other members of the security operations team.

Responsibilities:

1. Monitor security event logs and alerts generated by various security tools and technologies, including SIEM, IDS/IPS, antivirus, and endpoint detection and response (EDR) systems.

2. Analyse security alerts and indicators of compromise (IOCs) to identify potential security incidents and threats to Axis Securities systems and data.

3. Investigate and triage security incidents escalated from Level 1 analysts, determining the scope, impact, and severity of the incidents.

4. Conduct in-depth analysis of security incidents to determine root cause, attack vectors, and potential impact on the organization.

5. Coordinate with internal teams, including IT, network operations, and application development, to gather additional information and facilitate incident response and remediation efforts.

6. Document security incidents and findings, including investigative steps taken, evidence collected, and actions taken to contain and mitigate the incident.

7. Provide recommendations for improving detection and response capabilities based on analysis of security incidents and emerging threats.

8. Participate in the development and tuning of SIEM rules, use cases, and correlation logic to enhance the effectiveness of security monitoring.

9. Stay current with emerging threats, vulnerabilities, and security technologies, and share knowledge with the broader security operations team.

10. Mentor and provide guidance to Level 1 analysts to help develop their skills in security incident monitoring and response.

Education and Certifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field; relevant work experience may be considered in lieu of a degree.
• At least [5] years of experience in a cybersecurity role, with a focus on security incident monitoring and response.
• Strong understanding of cybersecurity principles, threat landscape, and common attack vectors.
• Experience with security tools and technologies, including SIEM platforms (e.g., Splunk, QRadar, ArcSight), IDS/IPS, EDR, and antivirus solutions.
• Proficiency in analysing and interpreting security event logs, network traffic, and endpoint data to identify security incidents.
• Familiarity with incident response frameworks and methodologies, such as NIST SP 800-61 and the SANS Incident Handling Process.
• Relevant certifications such as GIAC Certified Incident Handler (GCIH), CompTIA Security+, or equivalent, are desirable.
• Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.