- Office in Hyderabad
Core Responsibilities:
· Continuous Monitoring & Alert Triage: Actively monitor and analyze security events, network traffic, and alerts generated by the SIEM (Security Information and Event Management) platform and other security tools in a 24x7 environment.
· Incident Qualification: Perform initial investigation and analysis to determine whether an alert is a true positive incident or a false positive, and promptly escalate validated security incidents to senior analysts (Tier 2).
· Initial Containment & Response: Execute documented procedures for immediate containment actions, such as isolating a host from the network or disabling a compromised account.
· Log and Traffic Analysis: Conduct analysis of security logs, network packet captures, and endpoint data to establish initial scope and indicators of compromise.
· Vulnerability Support: Assist in performing scheduled vulnerability scans, compiling the raw results, and supporting remediation tracking efforts.
· Documentation & Reporting: Create clear, detailed incident reports, providing a timeline of events, initial findings, and recommended next steps for further investigation.
· Process Adherence: Ensure all incident detection and classification services strictly adhere to established procedures and customer-defined Service Level Agreements (SLAs).
· Threat Intelligence: Continuously research emerging threats (attacker tactics, techniques and procedures (TTPs), indicators of compromise (IOCs), etc.) and assist in updating internal detection and threat-hunting capabilities.
· Operational Excellence: Actively identify opportunities for the automation of routine tasks and improvements in SOC workflow efficiency.
· Collaboration: Effectively communicate security issues and investigation findings to customers and internal teams, both verbally and in writing.
· Shift Coverage: Work within a 24x7x365 Security Operations Center, supporting a rotating shift schedule to ensure continuous coverage for multiple customers.
Minimum Requirements:
· 2-4 years of experience in an operational technology environment, a related internship, or relevant education.
· Foundational knowledge of core networking principles (TCP/IP, DNS, HTTP) and general system architecture (Windows/Linux).
· Exposure to or direct experience with security monitoring platforms, preferably a SIEM solution.
· Solid understanding of the cyber security threat landscape, including common attack types and vectors (e.g., phishing, malware).
· Demonstrated analytical, problem-solving, and critical thinking skills with the ability to process large amounts of data.
· Strong verbal and written communication skills for documentation and professional interaction with clients and peers.
Preferred Qualifications:
· Relevant industry certification such as CompTIA Security+, CompTIA CySA+, or Microsoft SC-200.
· Experience with scripting languages (e.g., Python, PowerShell) for task automation.
· Academic background (degree or coursework) in Computer Science, Cyber Security, or a related field.
· Familiarity with various security management tools (e.g., vulnerability scanners, EDR, firewalls).
· Proven ability to work effectively under pressure and rapidly changing priorities.