Principal Analyst | On-site, Bangalore

How you'll make an impact:

• Operate independently in a geographically dispersed team, while maintaining situational awareness and keeping the team up to date  

• Perform security monitoring and incident response activities across the networks, leveraging a variety of tools and techniques  

• Detect incidents through proactive “hunting” across security-relevant data sets  

• Thoroughly document incident response analysis activities  

• Review investigations conducted by more junior analysts to ensure quality standards are met  

• Develop new, repeatable methods for finding malicious activity across the networks  

• Provide recommendations to enhance detection and protection capabilities  

• Regularly present technical topics to technical and non-technical audiences  

• Develop and follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of information security incidents  

• Prioritize multiple high-priority tasks and formulate responses/recommendations to customers and team members in a fast-paced environment  

• Provide assistance to other security teams  

• Continually develop new technical skills and push overall team capabilities forward  

• Engage with and mentor other team members  

• Work with other teams on major engineering and architecture initiatives   

• Be innovative with their understanding of attack methodologies, malware analysis, malicious toolkits, and how those may manifest within various security technologies  

• Advanced proactive threat hunting   

• Understands advanced adversary emulation concepts   

• Advanced use case design for insider threat, operational, threat detection and response   

• Review of defensive and detective controls to reduce client attack surface 

What we're looking for

• 8+ years operational experience assessing, reviewing, and remediating infrastructure vulnerabilities, CVE’s, and risks.  

• Knowledge of third-party software vulnerabilities, security threat landscape, especially network and server threats 

• Knowledge of cyber security threats and risks, vendor computing environments, basic systems, and network technologies.  

• Experience with and understanding of CVE’s and CVSS scores  Knowledge of compensating controls and mitigating factors.  

• Knowledge of Information Security frameworks, guidelines, and standard methodologies.  

• Knowledge of the Windows and / or Linux operating systems  

• Knowledge and understanding of Cybersecurity controls and logging and monitoring tools.  

• Ability to expertly interact with all levels of personnel  

• Excellent verbal and written communication skills  

• Strong in problem solving and analytical skills  

• Ability to work on multiple projects by prioritizing and results oriented approach  

• Good teammate with flexibility required for support operations  

• Be well versed in the cyber threat landscape; have an advanced understanding and knowledge of what tactics and techniques are being used by adversaries; have an advanced understand and knowledge of what security controls and/or telemetry data is available to detect these tactics and techniques; and be familiar with cyber security incident response terminology, processes, and techniques.  

• Moderate to complex investigations (multiple tools) including endpoint, UEBA, public cloud, SAAS and packet analysis  

• Security use case design recommendations for threat detection  

• Threat response activities such as quarantining host and other common response playbook activities  

• Proactive threat hunting using multiple client tools  

• Process development and documentation  

• Application of threat intelligence to improve detection and response capabilities  

• Extensive experience with the MITRE @ttack framework and associated tactics  

• Extensive alert triage and endpoint investigations using technologies such as EDR  

• Phishing analysis  

• Malware analysis (does not include reverse engineering)  

• MITRE attack framework expertise and understanding of common attack tactics used by threat actors  

• Provide recommendations on tuning of security detection platforms and use cases to improve accuracy of detection  

• The role demands the availability for US working hours (5PM (IST) to 2AM (IST))

• This role is Work From Office role.