Security analyst. Posted: April 19, 2022, 6:12 a.m. - Full Time - Bangalore
Primary responsibilities would include:
- Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and research and provide new detection mechanisms.
- Acquire new and leverage existing knowledge of attacker tools, tactics, and procedures to improve the security posture of customers.
- Self-driven and collaborative research on novel attack techniques, simulating them in the lab on endpoints and cloud infrastructure to identify the detection mechanisms required.
- Identify the tools required for research and analysis, and effectively engage and collaborate with partners in engineering and data science to develop and maintain them.
- Build hunting tools and automation for use in the discovery of human adversaries.
Candidates would be expected to support a 24/7 operation model that may sometimes involve working night shifts.
Required experiences:
- 2+ years of experience in a technical role in the areas of security operations, malware analysis, threat intelligence, cyber incident response, or penetration testing/red teaming, with reverse engineering, digital forensics (DFIR), or incident response experience.
- Comfortable working with extremely large data sets for analysis and visualization, using tools and scripting languages such as Excel, SQL, Python, Splunk query language, Kusto Query Language, and Power BI.
- Ability to track, analyze, and brief on new and ongoing cyber-attacks in cloud infrastructure, with an understanding of AAD, ADFS, and popular authentication/authorization protocols such as SAML, OAuth, and OpenID Connect.
- In-depth understanding of the latest cloud-based techniques used by attackers for persistence, privilege escalation, defense evasion, and lateral movement in platforms such as Azure AD, Office 365, and Google Workspace.
- Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
- Advanced experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers) and advanced knowledge of operating system internals and security mechanisms.
- Excellent cross-group and interpersonal skills, with the ability to articulate the business needs for detection improvements and a strong ability to use data to 'tell a story'.
The following additional experiences are favorable, but not required:
- Technical BS degree, preferably in computer science, computer engineering, information security, mathematics, or physics.
- Experience with system administration in a large enterprise environment, including Windows and Linux servers and workstations, network administration, and cloud administration; for example, expertise in EDR (Microsoft Defender for Endpoint), MDO, MDI, MCAS, MTP, or M365D.
- 1+ years of experience developing software or tools using C++, C#, Python, Ruby, or similar, and Kusto.
- Experience with offensive security, including tools such as Metasploit, exploit development, open-source intelligence gathering (OSINT), and designing ways to breach enterprise networks.
- Experience with advanced persistent threats and human adversary compromises.
- Additional advanced technical degrees or cyber security certifications such as CISSP, OSCP, CEH, or GIAC certifications.