IT Security Analyst II

Job Description

To be part of a global security operations center and be responsible for - proactively identify threats and vulnerabilities; implement industry best practices; participate in the review and resolution of opportunities from both internal and external IT security audits; provide recommendations to the overall IT security posture of the organization; and participate in the creation of IT security awareness communications to the organization that adhere to corporate safety and security regulations Responsibilities: Investigate and provide proper incident response to security alerts. Identify new security use cases and create required detection rules in the system. Work with the customer to gather requirements, propose use cases and build them in Splunk. Perform administration activities in Splunk including integration of log sources, creation of queries for security use cases, dashboards, troubleshoot issues. Assist and train team members on how to investigate and respond to various security threats. Manage and support wide range of security technologies including SIEM, EDR, Vulnerability Scanners, Identity and Access Management, Data Loss Prevention, and Cloud Security. Participate in security solution design and security consultation. Work with the customer point of contacts for any escalated incidents, security remediation. Create required dashboards and provide reports. Actively participate in customer meetings and give presentations. Job Bachelor's degree in Computer Science, Information Security, or an equivalent degree. 4+ years of working experience in Information Security. Vast experience in Splunk Enterprise and Enterprise Security. Have experience in integration of log sources, defining use cases, creation of new correlation rules, creation of dashboards, implementing best practices in Splunk environment. Good understanding of security threats and mitigation strategies. Have in-depth knowledge on how to investigate and respond to various security alerts, and can able to create incident response procedures for same. Certification in any of the following is a plusSplunk Certified Admin/Architect, CEH. Demonstrated excellent response to critical incidents and security threats in the past. Excellent analytical, presentation, customer service and facilitation skills. Ready to work in 24x7 Security operations.