Associate Analyst - SOC Job in Bengaluru at Optiv

Optiv is hiring for the role of Associate Analyst - SOC!

Responsibilities of the Candidate:

• Analyze, document and report on potential security incidents identified in customer environments.
• Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
• Provide triage on various security enforcement technologies including, but not limited to SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners etc.
• Perform knowledge transfers, document, and triage client’s issues regarding mitigation of identified threats
• Provide ongoing recommendations customers on best practices
• Actively research current threats and attack vectors being exploited in the wild
• Utilize defined SOP’s and KB’s
• Performs other duties as assigned
• Complies with all policies and standards

Requirements:

• 1-2 years of working with Incident Ticketing Systems (i.e. ServiceNow, Remedy, Remedy Force, Heat, etc.). required
• Desire to gain full-time professional experience in the Information Security field
• Excellent time management, reporting, communication skills, and ability to prioritize work
• Ability to generate comprehensive written reports and recommendations
• Write professional emails
• Previous experience as a point of escalation in a technical environment
• Customer interactions and working through various issues
• Base knowledge of contemporary security architectures/devices such as firewalls, routers, switches, load balancers, remote access technologies, anti-malware, SIEM, and AV
• Ability to work customer’s environments to report on critical security events
• Ability to troubleshoot technical problems and ask probing questions to find the root cause or a problem
• Queue management
• Data analysis using SIEM, Database tools such as Elastic, and Excel
• Experience troubleshooting security, network, and or endpoints
• IDS monitoring/analysis with tools such as Sourcefire and Snort
• Experience with SIEM platforms preferred (QRadar, LogRhythm, Exabeam, Securonix, and Splunk)
• Familiarity with web-based attacks and the OWASP Top 10 at a minimum
• Attack vectors and exploitation
• Mitigation, Active Directory
• Direct (E.g. SQL Injection) versus indirect (E.g. cross-site scripting) attacks
• Familiarity with SANS top 20 critical security controls
• Understand the foundations of enterprise Windows security including:
• Windows security architecture and terminology
• Common system hardening best practices
• Anti-Virus (AV) and Host Based Intrusion Prevention (HIPS)
• Experience in monitoring at least one commercial AV solution such as (but not limited to) Carbon Black, CrowdStrike, McAfee/Intel, Symantec, Sophos or Trend Micro
• Ability to identify common false positives and make suggestions on tuning