SOC Analyst II, Information Security

Bengaluru
General & Administration – Information Security /
Full-Time /
Hybrid
Role: SOC Analyst (Level -1)
Location: Bengaluru
Shift Timing: Rotational shift (9 hours, 5 days a week), Hybrid.

Position Summary:
SOC Analyst (Level 2) collaborates with Level-1 and Level-3 SOC Analysts, thoroughly analysing security events and promptly addressing True Positive incidents. This role involves regular team meetings and cooperation with Infrastructure and operational teams. With a focus on global operations, this position entails security event analysis, incident response, and related tasks within a 24/7 organizational framework.

WHAT YOU WILL BE DOING

    • SOC Analyst Level-2 will support the 24/7 Cyber Security Fusion Centre (SOC) as the first line of defense, identifying potential information security incidents by monitoring real-time security events generated by detection tools, channels or dashboards, periodic reports, email inboxes, helpdesk or other ticketing systems, telephone calls, and chat sessions.
    • Follow incident-specific procedures to triage potential security incidents, validate them, and determine the needed mitigation.
    • When L1 escalates a security event, L2 must conduct a more thorough analysis. If it is confirmed as a True Positive incident, L2 escalates it to L3; otherwise L2 advises the L1 members until the security event is resolved within the SLA.
    • Keep accurate incident notes in the case management system (JIRA).
    • Maintain awareness of the organization's technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats identified by threat intelligence, and recent security incidents.
    • Perform web hunting for new patterns and activities, and advise on cyber security content development and testing.
    • Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity. 
    • Ensure that all identified events are promptly validated and thoroughly investigated. 
    • Provide end-to-end event analysis and incident detection and manage escalations using documented procedures. 
    • Devise and document new procedures and runbooks/playbooks as directed. 
    • Assist the Shift Leads and fulfil Shift Lead responsibilities in their absence.
    • Maintain monthly Service Level Agreements (SLAs). 
    • Maintain compliance with processes, runbooks, templates, and procedures, drawing on experience and best practices.
    • Assist the Cyber Hunting team with advanced investigations as needed. 
    • Provide malware analysis (executables, scripts, documents) to determine indicators of compromise and create signatures for future detection of similar samples. 
    • Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), tuning false positives, and identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
    • Perform peer reviews and consultations with Level 1 analysts regarding potential security incidents. 
    • Serve as a subject matter expert in at least one security-related area (e.g., specific malware solution, Python programming, etc.).
    • Actively seek self-improvement through continuous learning and pursuing advancement to a SOC Shift Lead.
    • Provide shift status and metric reporting. 
    • Support weekly Operations calls. 

WHAT YOU BRING

    • Education: A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is often preferred.
    • 4 to 7 years of working experience in a Security Operations Centre.
    • Willing to work shifts on a 24/7 schedule (9-hour rotational shift model with five working days a week).
    • A minimum of 6 to 8 years of experience is required in security incident response or a security operations centre (SOC).
    • Experience in security technologies such as:
        • Security information and event management (SIEM).
        • Cloud security tools.
        • Cloudflare, AWS Web Application Firewall (WAF).
        • Intrusion Prevention System (IPS).
        • Data Loss Prevention (DLP).
        • Web content filtering.
        • Endpoint detection and response (EDR).
        • Antivirus, sandboxing, network- and host-based firewalls.
        • Threat intelligence.
        • Penetration testing.
    • Knowledge of advanced persistent threat (APT) tactics, techniques, and procedures.
    • Good understanding of the MITRE ATT&CK framework.
    • Proficiency in recognising possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
    • Ability to understand alerts generated by SIEM, EDR, Antivirus, Email Security Gateway, DLP, CNAPP, WAF, VPN, and various log sources.
    • Strong analytical and problem-solving skills to assess and address security alerts and events, escalate true positive incidents to SOC Analyst Level 3 with appropriate information, and mitigate the risks.
    • Identify security gaps and recommend new rules/solutions to the SOC Analyst (Level 3).
    • Suggest fine-tuning of existing alert rules where alert volume is high or wherever otherwise required.
    • Strong working knowledge of security-relevant data, including network protocols, ports, and shared services, such as TCP/IP and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, IAM).
    • Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, and incident management.
    • Knowledge of Windows and Unix-based systems/architectures, security best practices, and concepts.
    • Handle end-user-reported cybersecurity events and content-filtering requests (blocking and unblocking URLs) using XDR.
    • Flexibility and the capacity to adapt quickly to evolving security landscapes, emerging threats, new technologies, and changing priorities.
    • Ability to communicate technical details effectively, in writing and verbally, to IT personnel and management.
    • Certification: GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH), or equivalent.