- Monitor alerts across the security stack and provide advanced detection and response service through security event analysis and review
- Perform live response data collection and analysis on threats
- Perform incident response and basic malware analysis to investigate incidents
- Help navigate staff from incident response triage into the incident response process if findings are substantiated
- Work with the senior security engineers and analysts in fine-tuning the security systems and removing false positive alarms.
- Maintain current knowledge of tools and best practices in forensics and incident response and develop an understanding of advanced persistent threats, including tools, techniques, and procedures of attackers.
- Conduct vulnerability assessment and implement remediation strategies to advance threat intelligence.
- Conduct third party information security risk assessments
- Perform phishing simulation exercises and define phishing templates.
- Conduct regular security and risk assessments of applications and infrastructure, and define security controls.
- Lead security vulnerability management program recommending best practices/solutions to address vulnerabilities, secure hosts, applications, databases, and network technologies
- Collect and analyse threat intelligence reports covering new threats, vulnerabilities, and research.
- Strengthen security operations monitoring by extracting data from threat intelligence and develop understanding of adversary TTPs.
- Automate the tasking of IOCs and other threat intelligence data into existing cybersecurity databases
- Implement new and uplift existing monitoring and alerting capability to proactively identify new and emerging threats within the corporate network.
- Monitor the performance of security solutions to identify and bring to attention breaches and potential intrusion incidents.
- Investigate security breaches within a defined area of responsibility to maintain the compliance with internal security standards.
- Handle cyber security incidents in conjunction with the existing service providers from detection through to completion including maintaining incident response documentation, post-mortem root cause analysis, writing incident reports and providing lessons learnt and enhancements required.
- Operate security monitoring and incident response toolsets, with a focus on reviewing corrective measures and continuous improvement.
- Analyse security systems and seek improvements on a continuous basis.
- Conduct multi-factor authentication and user account reviews. Define policy and processes for user account control and review. Ensure adherence and review for future risks
- Co-ordinate with security vendors on upgrades or rebuilds of security platforms as required.
- Be an enthusiastic advocate of cyber security and IT risk management by continuously educating employees on information security principles and their role in upholding those principles.
- Contribute to the development and maintenance of documented security solution run-book procedures and techniques.
QUALIFICATIONS & REQUIREMENTS:
- 7+ years' experience working as a security analyst or in similar roles.
- 2+ years' experience as a Systems/Network administrator or Network Security analyst required.
- 2+ years of advanced working knowledge of Windows and Linux operating systems required.
- Experience with security tools and data sources such as firewall logs, intrusion detection systems, and Security Incident and Event Management (SIEM).
- 1+ years' experience with automation tooling and frameworks such as Python, PowerShell and Terraform required.
- Experience in IT Infrastructure & application security, working in a large and complex environment.
- Experience with incident interpretation received from Cyber Security Operations Centre (SOC) and defining tasks required to deliver resolution.
- Strong experience in developing and maintaining Vulnerability Management process and procedures – Qualys, CrowdStrike Falcon Spotlight, Tenable.
- Experience with Vulnerability Assessment & Management including OS, Network, Web, Database & application vulnerability assessments.
- Working knowledge of Active Directory, Azure AD, IDS/IPS, DNS, VPN, SIEM, LAN, WAN.
- Experience with building automation solutions using Python and PowerShell.
- A strong desire to learn new cyber security tools and get involved and take ownership in new projects
- Good understanding of SIEM and other infrastructure level technologies -Windows, Linux, VMware, Azure, AWS and O365.
- Experience with Web Security Gateways, Email Security Gateways, Web Application Firewalls
- Experience with endpoint detection, analysis and response controls.
- Good understanding of endpoint security tools such as application whitelisting, HIPS, ATP etc.
- Good experience with managing email gateways – O365 and Proofpoint.
- Experience with O365 E5 security tools.
- Good experience with managing AWS security tools - AWS Security Hub, Amazon GuardDuty, AWS Shield.
Work Schedule: Day Shift / Flexible
Work Setup: WFH / Hybrid