GURUGRAM · FULLTIME
Senior Analyst - SOC
GRAMAX
Gurugram · onsite · Posted 2d ago
Sourced from
Undisclosed3–7 yrsfulltimeGurugram
Your match
?
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Position Title: Sr. Analyst – SOC
Business / Function: GRAMAX Cybertech
Department / Sub-Department: Cyber Security
Location: Delhi
1. Key Accountabilities Responsibilities/duties associated with the job. Where defined, the Key Performance Indicator (KPI) used to judge performance is listed beneath the accountability.
- Continuous monitoring of security alerts and respond to the incidents as per the laid down actions of Run Book
- Provide incident investigation as per Security Incident Management Process / Guidelines
- Drive containment strategy during data loss or breach events
- Triage and resolve advanced vector attacks such as botnets and Advanced Persistent Threats (APTs)
- Perform investigations in response to escalated security alerts, gather evidence and determine RCA of the security incident
- Plan for adversary eviction and incident response
- Conduct malware analysis; maintain up-to-date knowledge of malware analysis techniques
- Provide inputs for forensic analysis and investigation of incidents
- Carry out continuous threat collection and proactively identify threats for global clients to complement the standard SOC
- Identify requirements and drive appropriate solutions
- Create customized use cases as per the environment and fine-tune the security solution
- Provide guidance to member analysts in the team
- Create technical documentation (SOPs, run books, etc.)
- Contribute to identification (hunting) and profiling of threat actors and TTPs; detect current threats and build/run custom analysis models using security event data
- Ensure integration of current security infrastructure and indicators
- Assist in development of the Threat Hunting service and conduct threat hunting
- Execute the incident management process
- Handle customer interactions and on-site engagements
- Align weekly/fortnightly reviews with client and Sr. Security Delivery Manager
- Work with XDR and SIEM solutions such as QRadar, Seceon, ArcSight, Splunk, etc.
- Coordinate with IT, security operations and other teams for remediation and mitigation as appropriate
- Perform Root Cause Analysis (RCA) for incidents and update the knowledge document
- Handle incident escalations from other analysts; project and manage incident responses and coordinate remediation with customers
- Create SOPs for L1 and L2 Incident Response processes
- Train L1/L2 analysts on advanced threat analysis and APT analysis using various tools
- Perform in-depth malware analysis of network activity, disks and memory
- Analyze threat and vulnerability alerts, determine current impact and coordinate remediation actions as necessary
- Conduct detailed analysis using a variety of tools and techniques to investigate, navigate, correlate and understand security incidents
- Work directly with data asset owners and business response plan owners during high-severity incidents
- Provide fine-tuning recommendations to administrators based on findings during investigations or threat information reviews
- Maintain knowledge of network security zones, firewall configurations and IDS policies
- Maintain knowledge of systems communications from Layer 1 to Layer 7
- Bring experience in Systems Administration, Middleware and Application Administration
- Bring experience with Network and Network Security tools administration
- Aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes
- Use log search tools with regular expressions and natural language queries
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02
Skills
SplunkIncident ManagementNetwork SecurityAntivirusFirewallMiddlewareSOCSOPsRoot Cause AnalysisNetworksiemfirewallslog analysisxdrIncident ResponseThreat HuntingipsarcsightIdsQradarAzure SentinelMalware AnalysisIncident Investigationweb serversnetwork toolsRegular ExpressionsProxiesSystems AdministrationForensic AnalysisSyslogmemory analysisDamfirewall configurationsApplication administrationSecurity AlertsSecurity Incident ManagementNetwork Security ToolsAdvanced Persistent Threatslog search toolsRunbookTTPsdisk analysislog data aggregationLog DataSeceonDB logsHTTP logsSecurity Incident Management ProcessIDS policiesnatural language queriesnetwork activity analysisNetwork security zonesDatabase LogsLayer 1 to Layer 7BotnetsContainment strategy