Senior Security Operations Center Analyst - Threat Detection (5-10 yrs)

The Company :

Egon Zehnder (www.egonzehnder.com) is the world's preeminent leadership advisory firm, inspiring leaders to navigate complex questions with human answers. We have more than 560 consultants who bring together vast industry experience and diverse insight, operating globally through 63 offices in 36 countries spanning across Europe, the Americas, Asia Pacific, the Middle East and Africa.

Knowledge Centre India (KCI) :

Knowledge Center India (KCI), is the central engine that drives the operational value for the firm. Established in 2004, KCI has evolved over the years from purely operational efficiencies into more value added service offerings, becoming a true business partner. There are various teams based at KCI that work with Global Offices, Practice Groups and the Management across all aspects of the firm's business life cycle. With a headcount of more than 500, the center has 5 core teams working including Experts, Research Operations, Visual Solutions, Projects/CV Capture and Digital IT, working round the clock on many missions critical elements.
Who We Are :

We believe that together we can transform people, organizations, and the world through leadership. Our clients range from the largest corporations to emerging growth companies, government and regulatory bodies, and major educational and cultural institutions. We collaborate as One Firm across industries and geographies, leveraging strengths of every colleague and operate as a private partnership independent of any outside interests.

We are part of Digital-IT team established 15 years ago in Gurgaon, India to provide technology support and rollout digital initiatives to 60 plus global offices. Digital IT has six key pillars - Collaboration Technology; Functional Technology; Digital Technology; Security & Architecture; Infrastructure & Services, Digital Success to support business and to take lead on digital transformation initiatives with the total strength of 150+ team members across the globe.

The Position :

Be a part of the Security Operations Centre (SOC) as a SOC analyst identifying, analyzing, notifying, and responding to security threats across a complex and disperse IT estate.

Conduct complex compromise analysis and work with resolver groups to ensure the timely mitigation of security events. Perform forensic investigations. Identify and assess threat intelligence sources recommending relevant requisite actions, gaining agreement, and facilitating implementation. Conduct security assessments including penetration testing and vulnerability assessments.

It is required that you stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization. The responsibilities are continually expanding as the number of cyberattacks increases.

Experience : 5+ Years

Able to work shifts on a rotating basis for 24/7 operational support

Responsibilities :

1. Provides Monitoring and Analysis support of Cybersecurity events

- Identify and detect security threats

- Perform initial triage

- Report security events, in accordance with established processes and procedures

- Perform threat analysis, risk analysis, security assessments, and vulnerability testing

- Anticipate threats and alerts to avoid their occurrence

- Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.

- Understanding of common malware types and behaviors and common infection vectors Ability to identify attacker Tactics, Techniques, and procedures (TTPs) Experience with IoC lifecycle (development, organization, sharing, effective usage)

Will be responsible for :

- Developing alerting, reporting, and automated detection solutions Authoring rules and creating new ML features

- Strong experience in leveraging Next gen SIEM with SOAR/XDR capabilities to detect & investigate the cyber security incident and reporting in defined template.

SIEM solution management and maintenance :

- Ensure health of underlying architecture

- Create ruleset and alerts to cover the current threat landscape

- Remediate alerts generated by the system

- Manage vendor relationship with OEM

Security Log Analysis :

- Monitor and analyze the logs from various security tools e.g. SIEM, EDR, DLP, AV etc. and manually correlate system analyzed events

- Practical/Working experience with tools like EDR, DLP, Zero Trust, Threat intel software, IPS/IDS, Email Security tools

- Collaborate with various IT groups to collaborate for analysis, troubleshooting, and ensure that their requirements and new initiatives adhere to information security policies and best practices

- Responding to escalations to resolve detection effectiveness issues (misclassified spam/phish and false positives) Design and develop novel threat detection techniques or methodologies from creating proof-of-concept to productizing the solution.

- Perform device reviews to ensure compliance with hardening standards, access controls and security related configuration settings

- Prepare and update security documentation including security procedures, standards, notifications, and alerts in support of other teams within the EgonZehnder Security department.

- Proactively hunting threats, blue teaming, performing exploit and vulnerability research, all in order to find and a gap that can be exploited by bad actors

Skills :

1. Prior work experience in SOC

2. Should be able to conduct advanced forensics including packet captures using tools such as Wireshark, Netmon etc.

3. Knowledge and experience of configuration and operation of SIEM Solutions

4. Expert knowledge of configuration and operation of Security Solutions including, Firewalls, IDS, Internet Filters, DLP, Vulnerability Scanners, Anti Malware Solutions, etc.

5. A basic understanding of Linux and Windows operating systems and OS event logging

6. Strong analytical and problem-solving skills

7. Excellent communication skills both verbal and written

8. Experience in evaluating and implementing new tools, and solutions by working directly with the vendor

Relevant Professional Qualifications (Preferred) :

- Certified Ethical Hacker (CEH)

- Global Information Assurance Certifications (GIAC) e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Certified Enterprise Defender (GCED)