Security Operations Center Analyst

Day to Day

Insight Global is looking for a Senior SOC Analyst for one of our major retail apparel clients based out of North America. They will be joining a SOC team to support their 24X7 operations out of their India Tech Hub in Bengaluru. This would be a long term contract role with potential for full time conversion sitting 3 days on site in their Bengaluru office. The working hours would be 9AM-5PM IST.

• 5+ experience in Security Operations Center/Incident Response experience, where they have worked on from analysis, triage to remediation of security alerts/incidents of all Severity (Sev1 -Sev4)
• Cloud Security Experience in particular need to have AWS Cloudtrail/GuardDuty and Azure alerting experience
• Experience working with different SIEM's Sentinel required and Splunk desired as well
• Conduct threat analysis, assessment, and malware triage in support of security investigations and incident response process
• Provide technical leadership and coaching to security operations personnel
• Aid in the creation of a scalable, holistic Triage and Analysis program
• Recognize and research attacker tools, tactics, and procedures (TTP) in indicators of compromise (IOCs) that can be applied to current and future investigations
• Build internal scripts, tools and automation processes to enhance detection and response capabilities
• Collaborates with technical and business teams to drive SOC initiatives acting as the SME

Must Haves

• Bachelor’s Degree in Computer Science or Computer Crime Investigations preferred
• 5+ years of demonstrated experience in computer security- related diciplines such as incident reponse, host forensics, malware analysis, network traffic analysis, Insider Threat, alerts tuning and trend analysis
• Understanding of security threats, vulnerabilities, controls and remediation strategies in customer data environments
• Strong knowledge of cloud security in Azure, AWS, GCloud
• Strong security concepts of threat categories (such as malware, phishing attacks, Defense-inDepth, MITRE ATT&CK framework, etc.)
• Extensive experience working with security tools such as SIEM, EDR, firewalls, IDS/IPS, antispam, content management, server and network device hardening, etc.
• Strong knowledge of Windows, Linux and/or Mac OS and comfortable with looking at, understanding, and investigating Security Event logs.
• Experience with query languages and scripting languages
• Experience in using security orchestration, automation, and response tools
• Azure Sentinel

Plusses

• Splunk

SALARY up to 27-28 LPA