Security Operations Analyst

  • Competitive
  • Bangalore, Karnataka, India
  • Permanent, Full time
  • IG Group
  • 21 May 19

Job Title
Security Operations Analyst

Job Description

IG's Information Security Operations team (SOC) is responsible for managing security-related events within IG. The goals of the team are to ensure that issues adversely affecting the business are quickly diagnosed, workarounds are determined, proper root cause analysis is performed and actions are taken to ensure that the issue does not recur.

The Security Operations function is a vital part of the organisation, ensuring company information and systems are protected from unauthorised access, disruption, modification or destruction. This is accomplished using various operational security controls, processes and policies.

Core functions include:

Security Monitoring
  • Monitor a wide variety of security tools directly and via the SIEM as necessary to detect cyber-attacks and other unauthorised activity.
  • Drive the creation and refinement of security monitoring rules, techniques and processes.
  • Proactively hunt for evidence of threats or compromise using all available tools.

Incident Management
  • Gather data and perform the initial analysis for newly discovered security incidents, classifying and triaging as appropriate.
  • Investigate and resolve security incidents both independently and in collaboration with the wider SOC team.
  • Ensure accurate logs are made of all actions during incident response activities, and produce a final report detailing the incident timeline.
  • Perform root cause analyses, recommend process improvements, and write final post-incident reports.

Vulnerability Management
  • Perform regular automated vulnerability scans and interpret the results for affected teams and asset owners.
  • Supplement automated scanning with manual scans and basic penetration testing techniques where necessary.
  • Track remediation activities, provide remediation assistance where required, and ensure vulnerabilities are closed within the defined time limits.

Security Policy Review and Maintenance
  • Perform regular reviews and audits of technical security controls, including firewall policies, DLP policies, Active Directory permissions, and SIEM log collection.
  • Help meet company compliance requirements by supporting internal and external audits, risk assessments and reviews.
  • Assess requests for exceptions and whitelisting in security controls (such as firewalls, web proxies, DLP, etc.) and approve or deny them according to defined guidance.
  • Ensure all defined workflows and decision matrices are kept up to date and meet the needs of our security policies and standards.

Reporting & Documentation
  • Assist with the preparation of regular reports and the collection of defined metrics.
  • Take an active role in the creation and continual improvement of SOC process and procedures documentation, as well as the refinement of automated workflows.

Other
  • Assist with the training and development of other SOC team members.
  • Perform any other tasks and projects as required to assist the effective operation of the SOC.


Essential Skills and Attributes:

This is an experienced role, and therefore candidates are expected to convincingly satisfy most of the listed requirements. Successful candidates will demonstrate an independent and self-motivated approach to continuing the development of their skills and knowledge.
  • Minimum 2 years of experience in operational security roles is required, with previous SOC experience strongly preferred.
  • Deep familiarity with one or more SIEM tools is required.
  • A good knowledge of a wide variety of security products is required.
  • A strong understanding of technical IT concepts is required, including:
    • Windows and Linux operating systems and system administration
    • Networking, including TCP/IP and other common protocols
    • Microsoft Active Directory
    • Command line interfaces and scripting
  • Understanding of the role, benefits/downsides, and standard use cases of technical security products, such as firewalls, anti-virus, web proxies, SIEM, IDS/IPS, DLP, and EDR.
  • Familiarity with vulnerability scanning and penetration testing tools and techniques.
  • Strong ability to focus and complete detailed tasks with a high degree of accuracy.
  • Able to communicate complex information clearly and logically, both verbally and in writing.
  • Proficient with MS Office for general collaboration, communication and reporting.


Desirable Skills:
  • Experience with network forensic tools, such as network sniffers and protocol analysers.
  • Practical experience with penetration testing tools and techniques.
  • Experience of working in a global organisation.
  • Experience of working in the finance or technology sectors.
  • Interest in financial products.


Qualifications:

A university degree in one of the following fields is preferred (but not required):
  • Cyber / Information Security, Digital Forensics, Ethical Hacking
  • Computer Science, Software Development, Network Engineering
  • Mathematics, Physics and other STEM subjects

Other desirable certifications include:
  • CISSP
  • CEH, CREST, OSCP
  • Security+, Network+
  • Vendor certifications for Microsoft, Linux, cloud, networking or security products


Number of openings
1