Associate Consultant - Level 1 Security Analyst

1 - 6 years

8 - 12 Lacs

Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Senior Security Associate (Security Analyst)

Location: Bangalore, India

Work Type: Work from Office (6 Months Contract)

Shift: 24x7 Rotational Shifts (Mandatory)

Overview: We are seeking a Senior Security Associate to join the KPMG Managed Services (Spectrum) practice based in Bangalore. The ideal candidate will have experience in a Security Operations Center (SOC), particularly in monitoring, triaging, and escalating security events using SIEM and other cybersecurity tools.

Required skills:

  •       Experience with SIEM tools (QRadar, Splunk, LogRhythm, SolarWinds, etc.)
  •       Experience in Azure Sentinel
  •       Familiarity with common IDS/IPS and Firewalls (Snort, Cisco, Fortigate, Sourcefire)
  •       Familiarity with incident response process and activities
  •       Familiarity with TCP/IP protocol, OSI Seven Layer Model
  •       Knowledge of Windows, Unix-based systems, architectures, and network security devices
  •       Intermediate level of knowledge of LAN and WAN technologies
  •       Must have a solid understanding of information technology, information security domains
  •       Knowledge of security best practices and concepts
  •       Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware
  •       Familiarity with ticketing tool / ITSM tool
  •       Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations

Specifically, Security Analysts (L1) will:

1.    Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection group for the enterprise, using all available security logs and intelligence sources, including but not limited to:

a.    Firewalls

b.    Systems and Network Devices

c.    Web Proxies

d.    Intrusion Detection/Prevention Systems

e.    Data Loss Prevention

f.      EDR / Antivirus Systems

g.    Knowledgebase Framework (Confluence)

2.    Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:

  •       SIEM alert queue
  •       Security email inbox
  •       Intel feeds via email and other sources (e.g. NH-ISAC)
  •       Incident Ticketing queue (IT Security group)

3.    Validate alerts as they come in to eliminate false positives and use other internal and external data sources to enrich alerts with additional context 

4.    Perform triage of service requests from customers and internal teams

5.    Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation

6.    Assist with containment of threats and remediation of environment during or after an incident

7.    Act as a participant during Threat Hunting activities at the direction of one or more Incident Response Handlers

8.    Document event analysis and write comprehensive reports of incident investigations

9.    Proactively improve security-related operational processes and procedures

10. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools

11. Maintain operational shift logs with relevant activity from the Analyst's shift. Document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis

Additional Information:

  • Location: This is an on-site role in Bangalore.
  • Shift Requirement: Candidates must be open to 24x7 rotational shifts, including night and weekend shifts.

Candidates should have a positive attitude, strong work ethic, and the ability to meet tight deadlines in demanding environments.
