Posted By

Vineeth V S

Senior Recruiter at EY

Last Login: 27 December 2016

4702

JOB VIEWS

15

APPLICATIONS

14

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

399046

EY - Senior Security Analyst - Cyber Defence Response Centre

8 - 20 Years, Kerala/Others
Posted 7 years ago

Role title : Senior Security Analyst - Cyber Defence Response Centre

Cyber Defense Response Center (CDRC) :

- The Senior Security Analyst will be responsible for providing effective security monitoring and incident response through triage, investigation, communication, and reporting.

- He/She will also work collaboratively with team members and managers to respond to and resolve information security incidents, maintain and follow procedures for security alerting, and participate in security investigations. He/She should be capable of identifying vectors of threats and incidents, and should develop documentation to support the incident response process.

- He/She needs to articulate security issues and recommendations to IT project teams and management.

Essential Functions of the Job :

- Operate as First/Second level support to a 24x7 Cyber Defense Response Centre.

- Act as the primary point of contact for reporting, monitoring, and tracking reported events and operational events.

- Identify, prioritize and respond to security threats

- Will operate in a close team of computer/digital forensic, fraud, and other IT investigative experts.

- Ensure that all incidents are recorded and tracked to meet audit, compliance and legal requirements.

- Conduct root cause analysis to identify gaps and make recommendations, ultimately remediating risks to the firm.

- Maintain an inventory of the procedures used by the CDRC and regularly evaluate the CDRC procedures and add, remove, and update the procedures as appropriate

- Publish reports to applicable teams

- Generate reports on Cyber defence centre activity

Analytical/Decision Making Responsibilities :

- Actively investigates the latest security vulnerabilities, advisories, incidents, and penetration techniques and notifies the manager when appropriate.

- Recognizes successful intrusions and compromises through review and analysis of relevant event detail information.

- Contributes to maintaining the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories by following and enforcing IT security standards, policies and procedures.

- Assist in incident determination, ticketing and incident response, prevention and remediation

- Engages in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to allow for enterprise wide understanding of security goals, to solicit feedback and to foster co-operation

- Able to weigh general business needs against security concerns being seen across the enterprise and industry, and articulate issues to supervisors.

- Translates technical vulnerabilities into business risk, enabling senior leadership to make informed decisions.

Knowledge and Skills Requirements :

- Under Graduate/Post Graduate Degree in Computer Science or Engineering or related domain (MCA/MTech/BTech/BCA /BSc CS or BSc IT).

- Fair Understanding of Linux, TCP/IP, Network Security, encryption standards etc.

- Aware of types of attacks (DoS, DDoS etc.)

- Aware of log monitoring.

- An idea of various penetration testing and application testing methodologies and tools is a definite plus.

- Knowledge in application development (Microsoft technologies).

- Soft Skills - Excellent communication skills; written and verbal.

- Good Attitude.

- Good Presentation skills

- Good Investigative, analytical and problem solving skills

- Ability to work in a team, with little supervision and using own initiative

8+ years experience in one or more of the following :

- Security Information & Event management (SIEM) tools.

- Incident Handling and Incident Response.

- Vulnerability assessment.

- Deep understanding of the following: firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, VoIP, DMZ.

- Experience in enterprise security architecture design and document creation

- Knowledge of Linux and scripting languages (Shell Script, VBScript, Python etc.) is a definite plus.

- Experience with Splunk Enterprise Security is a plus

Supervising Responsibilities :

- Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues

- Will provide mentoring, support, and direction for other members of the team, as required

- Helps team and colleagues understand the bigger picture of technical, ethical and financial needs.

- Requires minimal supervision from management and frequently works on projects with only periodic updates to supervisor

- May seek guidance on increasingly complex projects

Other Requirements :

- Should be willing to work in shifts (24/7)

Certification Requirements :

- CISSP/CISA/CISM

- SANS GIAC

- CCNA/CCNA Security, RHCE

- CCSA/CEH/CIH
