
SIEM Threat Analyst-Tier 2

Hyderabad
Bangalore
Chennai
Contract
Full-Time
Mid-Level: 4 to 6 years
Posted on Aug 14 2024

Not Accepting Applications

About the Job

Skills

SIEM
Network Security
cyber
Cybersecurity
IBM
Security

Role : Tier 2 SIEM Threat Analyst

Experience : 3-5 years

Work location : Remote (Anywhere in India)

Shift Type : US Shift

Bachelor's in Cybersecurity or equivalent

Job Description :

Under the Managed Security Services and XFTM portfolio, the IBM Tier 2 (L2 Named & Dedicated) Analyst is directly responsible for conducting secondary triage and analysis on escalated events and for initial remediation of escalated incidents.

Analysts will use SIEM technology and additional toolsets specific to the client environment to aid the identification and triage of malicious incidents while investigating alerts that are escalated from Tier 1, the client, or intelligence sources. Analysts will work with engineering teams to assist in the creation and modification of alerting rules in the SIEM. The Analyst will communicate with the client on a regular basis through various methods to ensure operational awareness. The Analyst will be charged with creating and maintaining metrics for the client.

Additional Tier 2 analyst tasks are:

  • Assess the impact to systems (critical systems, sensitive data), provide direction to Tier 1 and Technology Management teams, and provide recommendations to the Client team.
  • Perform advanced analysis of log files, threat vector indicators, vulnerability analysis, external reports and internal guidance to identify false positive and true positive events.
  • Collect contextual information and pursue technical root cause analysis and attack method analysis. Provide Technical Root Cause Analysis on escalated security incidents.
  • Develop baselines, impact analysis, and data source criticality based on asset classification to determine priority. Upgrade or downgrade the potential event priority assigned by Tier 1.
  • Notify Tier 1 of false positives so that appropriate action is taken by them. Provide feedback to the Tier 1 monitoring team as part of the continuous improvement plan.
  • Determine whether to treat the alert as a security incident and assign a severity level. Respond based on priority and business impact. Respond to events according to documented procedures and industry best practices.
  • Escalate alerts to Tier 3 or the equivalent client team as documented in the communication plan. Escalate as appropriate to the Client team or Services technology management team based on the SIEM offense priority and agreed-upon workflow.
  • Implement custom processes in the client's Incident Response Plan (IRP) for notification and alerting.
  • Methodically work through analyzing false positives.
  • Seek customer approval to whitelist or configure additional rules to address false positives.
  • Participate in mailing lists, forums and social network feeds, and read advisories, to identify Indicators of Compromise (IOC) relevant to the specific client industry segment or client profile.
  • Update the watchlist and upload it to the SIEM so the tool can leverage it as part of event analysis.
  • Depending on severity, look into history to determine whether the alert has a connection to past activity.
  • Advise Administrators, Correlation Engineers, Architects and Account Managers, through the established communication methods in the communication plan (e.g., tickets or review meetings), on changes needed to the security stack to prevent future occurrences.
  • Provide tuning recommendations for the SIEM rules to adjust the specifications of alerts and incidents.
  • Provide incident classification and prioritization recommendations.
  • Recommend use case tuning for enhanced detection based on audits and reviews of potential blacklist and whitelist events.
  • Provide feedback to Threat Monitoring and support forensic analysis as required, indicating business impact.
  • Provide feedback on the quality of assessments to the Tier 1 Monitoring team.

Required Skills:

- 3+ years of experience operating in a Security Operations Center Analyst or similar role
- Sound knowledge of SIEM technology
- Apply various techniques to identify and track cyber threats
- Fully analyze various data sources related to security events
- Proficient verbal and writing skills
- Experience with analyzing cyber intelligence
- Security+ or equivalent certification
- IBM Certified Associate Analyst

Preferred Education:

- 3+ years of experience operating in a Security Operations Center Analyst or similar role
- GCIA or equivalent certification
- Bachelor's in Cybersecurity or equivalent
- CCNA Routing & Switching

Please share your resume with Nagella.Tanya@vervenest.com

LinkedIn: https://www.linkedin.com/in/tanya-a-213950211/

About the company

Nurturing talent is one of our core focuses. We bridge the gap between employable talent and industry demand with an array of training solutions. We have a panel of industry experts who impart training that keeps job-seekers in step with the requirements of industry. OUR VALUE POOL - Professionalism: We approach every assignment with a sense of thorough professionalism and confidentiality ...

Industry

IT Services and IT Consul...

Company Size

51-200 Employees

Headquarter

Bengaluru, Karnataka
