Cyber Security Analyst
Company
Wipro
Location
Cochin, India
Type
Full Time
Job Description
Job Duties (Summary):
- The Senior Security SOC Analyst works in a 24/7 team and in shifts, which include nights and rotational weekends.
- The role is a key part of our Security Monitoring and Incident Response team, investigating alerts/events triggered from Microsoft Sentinel / SIEM, EDR tools and other endpoint tools.
- The Senior Analyst will be the internal escalation point for the Security Analysts within the shift/team and will assist them in responding to security incidents.
- This role also needs exceptional communication skills (verbal and written) and the ability to quickly understand complex information while recognising familiar elements within complex situations.
Mandatory Skills Needed: a Sentinel SOC L3 SME should possess the below:
1. Capability of using KQL query operators to determine root cause in incident investigations; should be an L2/L3 SME in SOC incident response (Mandatory).
2. Decent understanding and hands-on experience integrating devices using Threat Intelligence, ITSM, Logic App, Function App and API integration methods, and SIEMs (any tool is fine).
3. Knowledgeable about syslog-based, native, and AMA (Azure Monitor Agent) connector integrations.
4. Experience in setting up and configuring workbooks and playbooks, and in fine-tuning existing and defining new analytics rules.
5. Practical knowledge of KQL use cases for MITRE ATT&CK techniques.
6. Should be capable of mentoring L1 analysts on incident investigations.
7. Should brainstorm new ideas and identify configuration and network gaps.
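Items 1, 4 and 5 above describe the same day-to-day task: turning a MITRE ATT&CK technique into a Sentinel analytics rule written in KQL. The query below is an added example of that, not code from the posting or from Wipro. It assumes the SigninLogs table populated by the Microsoft Entra ID data connector; the lookback window and the threshold are hypothetical values to be tuned against the tenant's baseline. It flags a source IP that fails sign-ins for many distinct accounts and then succeeds for one of them, which is the shape of a password spray (Credential Access, T1110.003).

```kql
// Added example (not from the job posting): scheduled analytics rule query for
// Microsoft Sentinel that flags a password spray followed by a successful sign-in.
// MITRE ATT&CK: Credential Access, T1110.003 (Password Spraying).
// Assumes the SigninLogs table from the Microsoft Entra ID data connector;
// the lookback and the threshold are hypothetical and should be tuned per tenant.
let lookback = 1h;
let minDistinctUsers = 10;         // distinct accounts failing from one source IP
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"      // ResultType "0" is a successful sign-in
    | summarize
        FailedUsers = dcount(UserPrincipalName),
        SampleUsers = make_set(UserPrincipalName, 25),
        LastFailure = max(TimeGenerated)
        by IPAddress
    | where FailedUsers >= minDistinctUsers;
// A success from the same IP after the burst of failures is the signal worth paging on.
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failures on IPAddress
| where TimeGenerated > LastFailure   // the success must come after the spray
| project TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName,
          FailedUsers, SampleUsers
```

When saving this as a scheduled rule, map the IP entity to IPAddress and the Account entity to UserPrincipalName so the incident carries investigable entities, set the rule's tactic and technique to match the comment, and keep the rule's query period at or above the `lookback` value or the join will silently miss the earlier failures. Non-zero result codes that represent an interrupted MFA prompt rather than a wrong password should be excluded from the failure side during tuning, otherwise legitimate users hitting an MFA policy change will inflate the count.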
Required Skills & Experience:
- Responsible for 24/7 monitoring, triage and analysis of security events and alerts, including malware analysis.
- Should have good hands-on experience in Microsoft Sentinel and the ability to query using KQL [Mandatory].
- Familiarity with core concepts of security incident response, e.g. the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
- Strong knowledge of email security threats and security controls, including experience analysing email headers.
- Analysing phishing emails and associated threats and remediating them: blocking the URLs and analysing the associated malware, links and IoCs.
- Good understanding of threat intelligence and threat hunting.
- Good hands-on experience investigating EDR alerts (Tanium, CrowdStrike, etc.).
- Good hands-on experience using SOAR platforms (Cortex XSOAR/Demisto, Splunk SOAR/Phantom, etc.).
- Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS/TLS and SMTP.
- Experience analysing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues.
- Experience reviewing system and application logs (e.g. web or mail server logs), either to investigate security issues or complex operational issues.
- Knowledge of investigating security issues within cloud infrastructure such as AWS, GCP and Azure (preferred, not mandatory).
- Good knowledge and hands-on experience with SIEM systems such as RSA NetWitness, Splunk, AlienVault, QRadar, ArcSight or similar, including understanding and creating new detection and correlation rules.
- Experience in defining use cases for playbooks and runbooks (preferred).
- Experience in understanding log types and log parsing.
- Strong passion for information security, including awareness of current threats and security best practices.
Basic Qualifications (preferred, not mandatory if the candidate has equivalent knowledge)
- Bachelor's degree in Computer Science or equivalent (preferred, not mandatory).
- Minimum of 3 years of experience in a Security Operations Centre (SOC) or incident response team (CSIRT team member).
- 3+ years' overall experience in Information Security / IT Security / Network Security.
- CEH, CISSP, OSCP, CHFI, ECSA, GCIH, GCIA, GSEC or GCFA certification (minimum one certification; preferred, not mandatory).
- A relevant specialist degree (e.g. information security or digital forensics).
- Knowledge of NIST CSF and the MITRE ATT&CK framework.
- Active involvement in the information security community.
- Microsoft Azure certification, one or more of SC-200, AZ-500 or AZ-900 [Mandatory].
If you encounter any suspicious mail, advertisements, or persons who offer jobs at Wipro, please email us at [email protected]. Do not email your resume to this ID as it is not monitored for resumes and career applications.
Any complaints or concerns regarding unethical/unfair hiring practices should be directed to our Ombuds Group at [email protected].
We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, caste, creed, religion, gender, marital status, age, ethnic and national origin, gender identity, gender expression, sexual orientation, political orientation, disability status, protected veteran status, or any other characteristic protected by law.
Wipro is committed to creating an accessible, supportive, and inclusive workplace. Reasonable accommodation will be provided to all applicants including persons with disabilities, throughout the recruitment and selection process. Accommodations must be communicated in advance of the application, where possible, and will be reviewed on an individual basis. Wipro provides equal opportunities to all and values diversity.
Date Posted
12/24/2024