MDR Consultant

Role & responsibilities

Position: Level 1 Analyst

Location: Bangalore

The primary role of a Security Analyst (L1) is the detailed and repeatable execution of all operational

tasks as documented in processes and subordinate procedures. Specifically, these analysts will be

responsible for monitoring the SIEM tools for security events and closing or escalating those events as

necessary. Security Analysts maintain the group email address and distribution lists, answer the main

phone lines, and update all relevant documentation such as shift logs and tickets. 

Additionally, assist the MDR Analyst in an incident workflow and assist the MDR team in incident

detection, remediation and communicate with external teams in proper incident resolution. We are

currently seeking an Analyst for the MDR practice to join us in our Bangalore office.

Note : Candidate must be willing to Work from Office only (Bangalore Location) & willing to do 24x7

rotational shift (Mandatory requirement for this role)

• You will be working as an Analyst in KPMGs expanding Security Operations practice.

• As a Security Operations analyst, you will help monitor the client environment and coordinate with

the shift leads to ensure security incidents are addressed and escalated in time.

• You will get a chance to learn new skills, certifications, and work with some of our key alliance

partners, including some the largest security vendors in the industry.

• You will be working in a dynamic environment and engage with leading companies around the

world.

Specifically, Security Analysts (L2) will:

• Rapidly identify, categorize, prioritize and investigate events as the initial cyber event detection

group for the enterprise using all available security logs and intelligence sources 

• Continuously monitor SIEM and logging environments for security events and alerts to threats,

intrusions, and/or compromises, including:

• SIEM alert queue
• Security email inbox
• Intel feeds via email and other sources
• Incident Ticketing queue (IT Security group)
• Validate alerts as they come in to eliminate false positives and use other internal and external

data sources to enrich alerts with additional context 

• Perform triage of service requests from customers and internal teams
• Use playbook procedures to carry out standard plays for routine event types and escalate alerts to

Level 2 Analysts for further triage and remediation

• Assist with containment of threats and remediation of environment during or after an incident

• Document event analysis and write comprehensive reports of incident investigations
• Maintain operational shift logs with relevant activity from the Analyst’s shift. Document

investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final

event analysis

• Update/reference knowledgebase tool as necessary for changes to processes and procedures,

and ingest of daily intelligence reports and previous shift logs

• Conduct research and document events of interest within the scope of IT Security

Note : Candidate must be willing to Work from Office only (Bangalore Location) & willing to do

24x7 rotational shift (Mandatory requirement for this role)

Qualifications

• Hands on experience in a Security Operations Centre (6 months-1 year) is an added advantage
• Monitor and analyse Intrusion Detection Systems (IDS), Anomaly Detection Systems (ADS), Firewall

event logs, Security Incident and Event Management (SIEM) toolset and other event logs to identify

security attacks and threats for remediation/suppression.

• Fundamental understanding of security concepts such as SIEM, EDR, Networking in general.
• Knowledge of network and cloud security fundamentals
• Ability to explain complex technical concepts in business terms.
• Strong, adaptable, and flexible work ethic
• Good time management and communication skills
• Ability to work under pressure and priorities activities.

Required skills:

• Hands on experience in a Security Operations Centre (6 months-1 year) is an added advantage
• Bachelor’s degree in information security, Computer Science, Engineering, Technology, or a similar

degree

• Knowledge of security best practices and concepts
• Organized, responsive, and thorough problem-solving and analytical skills.
• Strong communication, interpersonal and presentation skills
• Keen cyber threat-landscape interest and awareness
• Familiar with TCP/IP protocol, OSI Seven Layer Model, LAN/WAN terminologies
• Knowledge of Windows, Unix-based systems, architectures, and network security devices
• Must have a solid understanding of information technology, information security domains.
• Personal drive, positive work ethic to deliver results within tight deadlines and in demanding

situations.

• Good to have - at least one of the following certifications – ISC CC (Certified in CyberSecurity)

Preferred candidate profile