The primary function of Security Analyst is to analyse any incidents escalated by various security tools and services and undertake the detailed investigation of the Security Event.The Security Analyst shall determine whether the security event will be classified as an incident. Once an incident is classified, he/she will be coordinating with the IT and other cross functional team for closure/resolution of the Security Incident

Responsibilities

• Escalate validated and confirmed incidents to designated incident response team/ infra /applications team etc.
• Notify concerned parties of incident and required mitigation works and track for closure.
• Fine-tune SOC rules with SOC managed provider to reduce false positive and remove false negatives.
• Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation.
• Proactively research and monitor security information to identify potential threats that may impact the organisation.
• Develop and distribute information and alerts on required corrective actions to the organisation.
• Learn new attack patterns, actively participate in security forums.
• Work closely with Vulnerability Management and designated incident response team.
• Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.
• Open and update incidents in ITSM tool to report the alarms triggered or threats detected.
• Track and update incidents and requests based on updates and analysis results.
• Support Head of security in evaluation of various tools and technology
• Provide periodic updates and reports to Head Security to ensure critical alerts / proactive measures are implemented.

Essential Skills

• Knowledge and hands-on experience of implementation and management of EDR, SIEM Tools, VAPT and other security products.
• Experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments.
• Knowledge and expertise to run vulnerability scan tools in the network.
• Should have expertise on TCP/IP network traffic and event log analysis.
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
• Deep understanding on criticality of alert and taking appropriate and timely action for closure.