Security Engineering Analyst

World Bank Group - WBG

Staff | Closes 23 Jun 2026

Overview

The Security Engineering Analyst will be responsible for managing high-visibility security incident responses, requiring technical and interpersonal skills to handle high-impact incidents. The role demands swift identification, containment, and remediation of critical security incidents.


Key Responsibilities
  • Provide Information Security Operations Center (ISOC) support on a 24x7x365 basis by shift work with rotation
  • Review information security alerts from various sources, prioritize them based on their classification and impact, and assign them to the respective teams within the Information Security Office.
  • Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures
  • Participate in all the phases of security incident response process, including detection, containment, eradication, and post-incident reporting.
  • Record detailed Security Incident Response activities in the Case Management System.
  • Use Security information and event management (SIEM) capabilities to develop alerts to detect anomalies.
  • Assist in developing and setting up security incident response frameworks.
  • Assist in developing and maintaining ISMS procedures (related to ISOC) to comply with the global ISMS policy defined by the organization.
  • Maintain technical proficiency in information security concepts and related technologies through on-the-job training, individual research and attending training courses as necessary.
  • Undertake knowledge sharing and training activities on various monitoring tools and remediation techniques on a periodic basis.
  • Develop periodic status reports and monthly metrics for reporting purposes.
  • Support the R&D lab using virtual machines, monitor open-source security research news, and contribute to control testing and strengthening.
  • Conduct threat hunting in a diverse log and tool environment. The role requires the person to be able to manage a threat hunting work program including, but not limited to, scoping, tooling and reporting metrics.
  • Perform detailed analysis of attacks against web infrastructure. This includes identifying malicious code within URLs and collecting malicious plugins and/or exploit payloads; identifying the exploits and exploit tools involved in attacks; identifying packing techniques used to obfuscate URLs; and examining return traffic from exploitation activity for signs of successful exploitation.
  • Respond to high-impact incidents such as ransomware, major compromise, internal threats, third parties, and data leakage.
  • Perform log analysis and forensic analysis, analyze large datasets, and create reports.
  • Create and deliver data-driven reports and presentations for management and other stakeholders.
  • Liaise with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineering team members.
  • Conduct forensic examinations that include collection, preservation and analysis of data and systems.
  • Support creation and delivery of incident response tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
  • Perform other duties as assigned.
Required Experience
  • Minimum 5 years of information security experience required, with the majority of time in a SOC.
  • Experience in investigations including, but not limited to, end-user hosts, servers, network infrastructure, mobile devices, peripherals and application systems.
  • Experience working on high-impact incidents such as ransomware, major compromise, internal threats, third parties, and data leakage.
  • Experience in log analysis, with the ability to analyze large datasets, create reports, and perform forensic analysis.
  • Experience in building and maintaining tools, processes, and capabilities for log analysis, ensuring the provision of data to incident stakeholders in an easy and scalable manner.
  • Understanding of network traffic and the ability to analyze it from an incident response perspective.
  • Past exposure to handling malware and financial crime malware-related incidents.
  • Familiarity with industry-standard processes defined for systems design, database design, development, testing, and integration phases of a project, including Agile-based implementations.
  • Experience working in Agile environments, participating in Agile ceremonies, and utilizing Agile methodologies for security operations and threat investigations.
  • Knowledge of common hacking tools and techniques
Qualifications

• Bachelor’s or Master’s degree with 2 years of experience or equivalent combination of education and experience (for example, in the IT field: Bachelor’s Degree with a minimum of 1 year of related work experience).

Other Details
Languages Required: English
Languages Preferred: Not specified
Contract Duration: 3 years 0 months
Work Modality: Not specified
Remuneration: Not specified