Senior Security Operations Analyst (Tier 3 SOC)
Marvell
- Bangalore, Karnataka
- Permanent
- Full-time
- Act as a key advisor to the Cyber Operations Director on matters of security operations, bringing deep technical expertise to strategic discussions. You have an insatiable curiosity and a deep understanding of how technology and processes are supposed to work, from which to recognize ways in which they can be abused.
- Threat hunting and forensic analysis. You will creatively find new and unusual threats, and will confirm the reach of threats identified by the front line.
- Identify and digest threat data from various open and closed sources, correlating it against environmental context to produce threat intelligence. Validate for actionable items, and take appropriate actions to mitigate risk.
- When needed, and under the direction of the CSIRT program lead, you will act as Incident Commander, leading the response to specific incidents through to resolution. You will coordinate with external teams to obtain the support needed for incident closure.
- Communicate incidents at an appropriate level of detail to multiple levels of the company. Clearly and accurately communicate risks and trade-offs to business owners and company executives, enabling them to make informed decisions.
- Train junior analysts on incident response process and tasks. Constantly improve DFIR processes and procedures to improve speed and accuracy.
- Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually look for ways to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes.
- Propose and develop new use cases and playbooks/SOPs. You will propose and develop automation for recurring incidents and incident tasks, and will identify and onboard new datasources to support new threat detection and response use cases.
- Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, and Global Security.
- Shift lead, accountable for all SOC functions during your shift. Lead junior analysts, oversee their performance, guide and confirm their analytical conclusions, and ensure continuity for active cases shift to shift.
- Escalation point for a global 24x7x365 SOC environment
- Act as mentor and lead for other team members
- 8+ years' experience in one or more security-relevant domains including 5+ years as a SOC Analyst, or a Network Analyst with security scope; preferably for a
- Strong communication skills and an ability to adapt a message to audiences ranging from technology SMEs to company executives to stakeholders in every business discipline.
- Deep understanding of MITRE ATT&CK, with demonstrated experience building detection cases and playbooks around the tactics and techniques most relevant to your business.
- Proficient technical writing skills (documenting processes and procedures)
- Ability to solve problems and work through ambiguity and uncertainty
- Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
- Proficiency with one or more SIEM query languages
- Working knowledge of TCP/IP protocols, Windows and Sysmon event logs, *nix audit logs, Microsoft 365 audit logs, and public cloud logs.
- Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure
- Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
- Expert-level, continually expanding understanding of common and emerging security threats and vulnerabilities
- Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast moving industry.
- Industry security certifications such as CISSP, relevant GIAC certifications, or equivalent are highly desirable.
- Understanding of the NIST Cybersecurity Framework and its requirements, and the ability to apply them to an enterprise environment.
- Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.