Lead Security Analyst

• We are looking for seasoned Security Analysts for our Client Delivery and Solution Development teams, with proven experience in - analysing large volumes of complex raw data, creating business value out of it to develop analytical products, by analysing and investigating security risks and incidents and leveraging security technologies.
• This role is highly collaborative and will interact effectively with various internal stakeholders.
• It is essential to have a broad understanding of various relevant technologies, with deep expertise to be hands-on with some of them.
• The ideal candidate would also be a self-starter and self-motivated individual with a strong commitment to quality, a positive work ethic, and a "can do" attitude.
• The role of a Lead Security Analyst has a few key dimensions:
• Solution design and development : Develop PAI s Security Data Science Platform (SDS) and analytics solutions by working with other stakeholders to develop and extend security analytics models for identifying and detecting security risks using a range of industry frameworks like NIST, CIS, ISO27001.

This involves:

• Ideation of features/analytical outputs
• UX design and prototyping
• Use case / Outcome documentation

Data Analysis :

• Data Source Analysis & Source System Analysis
• Identifying data sources for solution implementation. e.g.: identifying Splunk indexes, API endpoints.
• Understanding of the Source System and the other competing vendor solutions in this space.
• API Documentation - Authentication, Data Volume, Output data, Ingestion Methodology.
• Exploratory analysis of data (EDA) required to support use cases.
• Identifying patterns, relationship/co-relation with data sources and perform volumetric analysis.

Stakeholder /Client Engagement :

• Work with experienced client security teams to analyze and investigate security risks and controls, to help enterprises improve their security risk posture.

This would involve:

• translating client/solution requirements to security use-cases.
• designing analytics to support use-cases.
• translating use-cases to solutions features.
• explaining Why and How a feature will reduce a security risk.
• using and demoing our solutions using client data.
• presenting insights confidently and positioning them well for the target audience.

Market Research :

• Understanding of various security architecture, security tools and processes widely used in an Enterprise; as well as various security user personas, their roles and responsibilities and their pain points, to help understand how the PAI solution landscape addresses these pain points.

Data Modelling :

• Supporting development of security analytics based on source system analysis in addition to designing and building entities and relationships.
• Testing : Functional Validation of analytics developed.

Documentation & Training :

• Responsibility for various documentation artefacts like Use case, Functional Design, User Guide, Developer Guide documentation.

• Significant experience in analysing security risks using a range of security tools and products.
• Hands-on experience in data modelling, data warehousing, conceptual, logical and physical model development in relational database environments.
• Experience conducting information security risk assessments based on industry risk frameworks to identify and evaluate mitigating controls.
• Excellent attention to detail, analytical skills and problem solving skills with an ability to analyse complex technical information in order to identify patterns and trends.
• Experience using SIEM tools like Splunk.
• Self-motivated individual capable of working in a fast-paced environment.
• Great written and verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals.
• Excellent consultative, facilitative, and consensus-building abilities

• Exposure to multiple information security and cyber security frame works like NIST CSF, CIS OWASP 10, MITRE, ISO 27001.
• Breadth and depth of security knowledge in multiple domains of software network & cloud security, based on working experience within information security teams and security operations.
• Understanding of the cyber security risks, attacks and threats associated with various technologies and ways to manage them.
• Ability to query in Data Lake for conducting detailed analysis using Pyspark, SQL, etc and familiarity with industry-standard data modelling methodologies.