Role : Lead Security Analyst
Location : Noida
Culture : Hybrid
Experience – 8 -14 Years

• Review tickets escalated from L1 or L2 analysts to confirm the priority, category and accuracy of the details and conditions.
• Pivot to additional security tools to obtain and ascertain context or information and any other pertinent information to inform on the most effective and efficient mitigation/remediation actions.
• Escalate tickets as required to GSOC Director for additional scrutiny and incident declaration.
• Collaborate with internal and external groups to develop and execute containment, eradication, and recovery strategies for lower priority incidents.
• Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture.
• Participate in the Cyber Incident Response Plan (CIRP) process as part of the Cyber Incident Response Team (CIRT) or as the Cyber Incident Response Lead (CIRL) to lead and/or support mitigating and/or remediating critical incidents.
• Participate in post-incident activities including coordinating and providing input within the requisite reports and identifying areas for continuous improvements within the GSOC enablement, processes or technology.

• Bachelor’s degree in computer science or a related discipline
• CISSP, CCSP, GIAC or other relevant cyber security certifications
• Working professional with 6+ years of relevant Security/SOC experience

• Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of cybersecurity, incident response methodologies, privacy principles, cyber threats, vulnerabilities, and detection methodologies and techniques for detecting intrusions.
• Experience with Splunk, Google Chronicle, Elastic Search, EDR solutions, email security tools, and cloud environments (GCP, Azure).
• Knowledge and experience in reverse engineering to understand how an information asset works and analyzing system components to identify potential vulnerabilities.
• Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy, enhance task consistency, and increase scalability.
• Knowledge and experience in Security Information and Event Management (SIEM) use case and content development techniques and objectives.
• Knowledge and experience in conducting and participating in security audits and assessments.
• Understanding and experience in developing, and delivering relevant and value-add operational metrics to support and provide visibility into the GSOC program.
• Communicate in English: write clearly and speak authoritatively to different audiences (business leaders and engineers).