
Security Analyst – Level 1
Posted 6 days ago

This is a fully remote position, open to applicants in India.

Responsibilities:
• Monitoring the SOC Dashboard.
• Responding initially to alerts generated from Security Solutions integrated into the SIEM/SOAR Tool.
• Verifying facts and enriched data in incidents using the SOAR Platform.
• Conducting preliminary triage based on the information from the SOAR.
• Sending email notifications for medium and lower priority alerts to the client for confirmation regarding potentially false or benign alerts.
• Assisting seniors in triage, evidence collection, incident documentation, and other related tasks.
• Reporting to the Shift Lead about alerts managed during the shift and updating the SHO Sheet.
• Escalating incidents based on preliminary triage using the escalation workflow in cases of possible true positives.
• Identifying daily recurring false positive alerts and interesting trends from alert monitoring.
• Reporting any tool outages or monitoring downtime during your shift to the Shift Lead or Leads as soon as possible.
• Performing monthly maintenance tasks for health checks on Security Monitoring and Response Tools.
• Developing, testing, and fine-tuning detection rules and use cases based on log sources, threat intelligence, attack patterns, and client needs.
• Identifying emerging threats and integrating them into use cases for alerts and detections.
• Optimizing and refining alert thresholds and logic to reduce false positives and enhance detection accuracy.
• Utilizing expertise in Microsoft 365 Defender/Defender XDR, Microsoft Defender for Endpoint, Defender for Office 365, and Entra ID Protection to bolster overall threat detection and response.
• Analyzing security logs and telemetry data for indications of compromise, anomalous activities, or malicious behavior.
• Effectively prioritizing work and managing shifting priorities in a professional manner.
• Collaborating closely with cross-functional teams (IT, Cloud Operations, Application Development) to mitigate security risks and enhance SOC capabilities.
• Creating detailed reports and post-analysis findings to communicate insights and recommendations to both technical and non-technical stakeholders.
• Contributing to the continuous improvement of SOC processes, including SOPs, playbooks, runbooks, and escalation procedures.
• Staying informed about the latest threat landscape, vulnerabilities, and attack methods.
• Sharing knowledge and insights with other SOC analysts and engaging in team knowledge-sharing sessions.
• Participating in red/blue team exercises to evaluate and enhance detection and response capabilities.

Requirements:
• Bachelor’s degree in computer science, engineering, IT, or Computer Applications, or significant demonstrable experience in IT Security/IT.
• Exceptional written and verbal communication skills with both technical and non-technical audiences, and strong presentation skills.
• Self-motivated with the ability to prioritize and manage SOC operations and alert inflow effectively.
• Eager to learn and continually enhance skill sets, obtain certifications, and gain industry knowledge.
• Strong analytical skills.
• Excellent written and verbal communication abilities.
• As 95% of our clients are based in the USA, proficient command of the English language is essential.
• Any of the following Microsoft certifications is preferred: SC-200, SC-900, AZ-500, SC-300, SC-400.
• Relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH) are advantageous.

What we offer:
• Opportunity to work in a dynamic and challenging environment.
• Continuous professional development and training opportunities.
• Competitive salary and comprehensive benefits package.