
Analyst - SecOps
- Bangalore, Karnataka
- Permanent
- Full-time
- Threat Detection and Incident Response:
  - Monitor, analyze, and respond to global security alerts using SIEM/SOAR tools.
  - Triage with sandboxing technologies.
  - Analyze with threat intelligence tools.
  - Investigate and respond to security events, implementing containment and recovery strategies.
  - Expedite with AI/ML workflows and capabilities.
  - Utilize KQL for querying and correlating data to identify and address threats.
  - Develop and manage automated detection rules and playbooks in Microsoft Sentinel.
  - Employ Microsoft Defender and MS Purview Data Loss Prevention (DLP) tools to enhance endpoint protection and data security.
- Threat Hunting and Data Forensics:
  - Conduct proactive threat hunting and data forensics to uncover potential threats.
  - Utilize advanced threat intelligence platforms to inform and refine threat detection strategies.
  - Develop and execute SOC playbooks to improve response and operational efficiency.
- Team Collaboration and Leadership:
  - Triage and assist on complex incidents and investigations.
  - Collaborate with USA Security escalation teams and departments to enhance overall security posture.
  - Assist in developing and refining SOC procedures and best practices.
- Career Development:
  - Opportunities for progression to SOC Lead and Architect roles.
  - Access to continuous learning, certifications, and professional development resources.
  - Regular performance reviews to discuss career growth and advancement.
- Qualifications:
  - Bachelor's degree in Computer Science, Cybersecurity, or a related field preferred.
  - 3-5 years of experience as a SOC analyst, preferably with lead responsibilities.
  - Strong knowledge of KQL (Kusto Query Language) for querying and analyzing security data.
  - Hands-on experience with Microsoft Sentinel, including rule creation, playbook implementation, and workbooks.
  - Proficiency in Microsoft Defender and MS Purview Data Loss Prevention (DLP).
  - Certifications such as CISSP, CEH, or CompTIA Security+ are a plus.
- Core Technologies and Expertise Required:
  - Microsoft Sentinel: Experience with SIEM, rule creation, playbooks, and workbooks.
  - KQL (Kusto Query Language): Proficiency in querying and data correlation.
  - Microsoft Defender: Expertise in endpoint protection and threat detection.
  - MS Purview Data Loss Prevention (DLP): Experience with data protection and loss prevention strategies.
  - Incident Response Tools: Knowledge of containment and recovery strategies.
  - Vulnerability Management Tools: Experience in assessments, penetration tests, and threat monitoring.
  - Threat Intelligence Platforms: Ability to leverage and analyze threat intelligence.
  - Network Security: Working knowledge of firewalls, IDS/IPS, and network security protocols.
  - Data Forensics: Proficient in data forensic analysis and investigation.
  - SOC Playbooks: Proficient in creating and managing SOC playbooks.
- Additional Skills:
  - Strong understanding of incident response processes and procedures.
  - Excellent analytical and problem-solving skills.
  - Ability to work within a well-managed team.
- Shift Coverage: Rotational 24x7 shifts.