
Associate, Cybersecurity MDR

Ankura

Singapore

Remote

SGD 60,000 - 80,000

Full time

2 days ago

Job summary

A leading security solutions firm is looking for a talented analyst for Threat Detection Operations in Singapore. The ideal candidate will have hands-on experience in security monitoring using SIEM tools, conduct triage of security incidents, and work in a team-oriented environment. Strong communication skills and a degree in IT are preferred. This role allows for conditional remote working, fostering flexibility and work-life balance.

Benefits

Flexible working hours
Remote working options
Ongoing training and development

Qualifications

  • Minimum 1 year experience in SOC/IR.
  • Hands-on experience with SIEM and threat detection.
  • Ability to analyze security incidents and provide reports.

Responsibilities

  • Monitor security events using SIEM tools.
  • Conduct initial triage of security incidents.
  • Provide timely reports to clients based on analyses.

Skills

SIEM
EDR
XDR
Incident Response
Python
Threat Detection
Communication

Education

Degree in Computer Science or IT
Certifications such as CEH, Security+

Tools

ArcSight ESM
MS Azure Sentinel
CrowdStrike
Carbon Black

Job description

Ankura is a team of excellence founded on innovation and growth.

Location: Conditional Remote / Gurgaon
Hours: 40 hours a week
Reporting: Director - Threat Detection Operations (TDO)

Duties include continuous monitoring of Security Information and Event Management (SIEM), EDR, XDR, DLP and related platforms for correlated events and alerts, and working with the client to take action. Analysts leverage events to determine the impact, document possible causes, and provide useful information to clients. A deep understanding of various commercial and open-source network sensors, intrusion detection systems, and event log correlation engines is required, as analysts are expected to deliver enhanced threat awareness and knowledge through research and continuous improvement of use cases, signatures, and metrics. Analysts should be knowledgeable in IR commands for Windows and Linux and in advanced attack techniques targeting endpoints and servers. Analysts are also expected to maintain open communication and visibility with their team members, Senior Analysts, Directors, and Clients.

Usually, employees will be permitted to work remotely in the current operational setup; however, that setup may change based on company and/or business needs, with or without notice. Remote work is a conditional privilege: employees are personally responsible for maintaining uninterrupted availability and communication via all official channels throughout their designated shifts. If an employee's performance cannot be satisfactorily ascertained by their manager, or the employee is unable to work without disturbance, they may be called upon to work out of the company's office.

Capabilities

  • Preferred to have some formal training or experience in delivering Managed Security or Managed Detection and Response services.
  • Preferred to have a sound understanding and up-to-date knowledge of common security threats, attack vectors, vulnerabilities, exploits, network architecture and protocols (such as OSI, TCP/IP, P2P), and packet analysis.
  • Must have hands-on experience correlating and analyzing information, raw logs, and complex data sets from a wide variety of enterprise technologies, including but not limited to SIEM, UEBA, EDR, IDS, IPS, proxy, firewall, DLP, and other threat intelligence tools and telemetry, for anomalous activity and items of interest.
  • Preferred to have the experience to conduct initial triage of security events and incidents: determine priority, criticality, and impact; facilitate communication within the SOC; escalate to the client for containment and remediation; and document progress throughout the Incident Response Lifecycle within the respective service level objectives.
  • Experience in conducting research, analysis, and data gathering to present findings in report format is preferred.
  • Should be able to develop and follow standard processes and complete documentation as needed.
  • Should be detail-oriented, able to work independently, and able to communicate effectively both verbally and in writing.
  • Must be flexible enough to work in a 24x7 rotational shift setup, including overnight, weekend, and national holiday shifts.

Technical

  • Traditional SIEM: ArcSight ESM.
  • Emerging SIEM such as MS Azure Sentinel, Exabeam, Obsidian.
  • Experience handling investigations involving XDR, and good knowledge of the latest endpoint and server attacks.
  • Endpoint awareness for Carbon Black, CrowdStrike, SentinelOne, MS Defender.
  • Knowledge of the IR process and ticketing tools.
  • Understanding of KQL, Lucene, Python, and/or other similar programming, query, or scripting languages.

Education, training & certifications

  • Minimum 1 year of experience in SOC/IR.
  • Preferred to have a degree in CS/IT or a Master's Diploma in IT Security from a specialized school.
  • Preferred to have relevant entry-level or mid-level security certifications such as CEH, Security+.

Communication

  • Comfortable working in a remote environment, including web-based team management, collaboration, and time-keeping applications, e.g. Slack, Microsoft Teams, Intapp, and Workday.
  • Ability to communicate complex ideas effectively, both verbally and in writing, in English and the local office language(s).
  • Able to provide reports showing progress toward or achievement of assigned goals and responsibilities as required.
  • Must be an active listener and ask questions of others when clarity is needed.
  • Ability to gain an understanding of client needs and apply analytic reasoning.
  • Demonstrates proactive engagement in meetings and process discussions.

Key performance indicators

  • Analyze client networks for threats using analytical platforms for event monitoring such as NSM, SIEM, UEBA, ETDR.
  • Deliver client reports based on analyses that are timely, high quality, and accurate.
  • Understand and support incident response and triage.
  • Improve reporting to avoid analysis paralysis.
  • Develop new skills within analytical platforms.

Individual & teamwork

  • Must be able to switch effortlessly between independent and team-based work.
  • Understands that the work product depends on team effort and remains responsive to internal and external deadlines.
  • Able to share expertise and experience with team members to encourage growth and shared success.
  • Able to maintain focus and attention to detail for sustained periods of time.
  • Engaged in supporting the development and growth of all team members.

Growth mindset

  • Can receive and provide feedback in a constructive manner that leads to the growth of self and others.
  • Displays perseverance of effort and passion for a long-term goal and end state.
  • Works well under timelines and puts in extra effort as required to meet them.
  • Self-motivated to identify areas for team and process improvement and to collaborate with others to develop creative solutions.

Leadership traits

  • Willing to adapt leadership skills to support larger and more complex projects.
  • Work product for self and team is consistently of excellent quality and efficiency.
  • Respectful and professional in all interactions with team members, clients, and colleagues.
  • Maintains composure and a calm disposition under high-pressure or stressful circumstances.

#LI-JK1
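The triage duties described above (correlate alerts from several telemetries, determine priority, criticality and impact, and escalate within a service level objective) are illustrated by the following added example. It is not Ankura's code or tooling: the pipe-delimited alert format, the host names, the asset criticality values, the severity weights, the priority thresholds and the SLO figures are all assumptions made for the example, and the alert lines are constructed, not captured from any product.

```python
# Added example: initial triage of correlated SIEM/EDR/DLP alerts.
# Not Ankura's code; format, hosts, scores and SLOs are illustrative assumptions.
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed asset inventory: host -> business criticality (1 low .. 3 high).
ASSET_CRITICALITY = {"dc01": 3, "web01": 2, "lt-042": 1}
# Assumed service level objectives: priority -> time allowed before escalating to the client.
SLO_ESCALATE = {
    "P1": timedelta(minutes=15),
    "P2": timedelta(hours=1),
    "P3": timedelta(hours=4),
    "P4": timedelta(hours=24),
}
SEVERITY_SCORE = {"critical": 4, "high": 3, "medium": 2, "low": 1}
# ATT&CK technique IDs embedded in rule names, e.g. T1110 or T1003.001.
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# Constructed sample alerts: timestamp|source|host|severity|rule text.
SAMPLE_LOG = """\
2024-03-01T10:00:05Z|siem|dc01|high|Multiple failed logons followed by success (T1110)
2024-03-01T10:02:40Z|edr|dc01|critical|Credential dumping via lsass access (T1003.001)
2024-03-01T10:04:10Z|dlp|lt-042|low|USB mass storage device attached
2024-03-01T10:20:00Z|siem|web01|medium|Outbound connection to newly registered domain
2024-03-01T11:30:00Z|edr|dc01|medium|Suspicious scheduled task created (T1053.005)
"""


@dataclass
class Alert:
    ts: datetime
    source: str
    host: str
    severity: str
    rule: str


@dataclass
class Incident:
    host: str
    alerts: list[Alert]
    priority: str
    escalate_by: datetime
    impact: str
    techniques: set[str] = field(default_factory=set)


def parse_alerts(text: str) -> list[Alert]:
    """Parse the sample format; blank or malformed lines are skipped, output is time-ordered."""
    alerts = []
    for line in text.splitlines():
        parts = line.strip().split("|", 4)
        if len(parts) != 5:
            continue
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        alerts.append(Alert(ts, parts[1], parts[2], parts[3].lower(), parts[4]))
    return sorted(alerts, key=lambda a: a.ts)


def correlate(alerts: list[Alert], window: timedelta = timedelta(minutes=30)) -> list[list[Alert]]:
    """Group alerts per host; a new group opens once the window since the group's first alert is exceeded."""
    groups: list[list[Alert]] = []
    open_group: dict[str, list[Alert]] = {}
    for a in alerts:
        grp = open_group.get(a.host)
        if grp is None or a.ts - grp[0].ts > window:
            grp = []
            groups.append(grp)
            open_group[a.host] = grp
        grp.append(a)
    return groups


def score_group(group: list[Alert]) -> Incident:
    """Priority = max severity + asset criticality, +1 when two or more sources corroborate."""
    host = group[0].host
    criticality = ASSET_CRITICALITY.get(host, 1)  # unknown hosts default to low
    sources = {a.source for a in group}
    score = max(SEVERITY_SCORE.get(a.severity, 1) for a in group) + criticality
    if len(sources) >= 2:
        score += 1
    priority = "P1" if score >= 7 else "P2" if score >= 5 else "P3" if score >= 3 else "P4"
    techniques = {t for a in group for t in TECHNIQUE_RE.findall(a.rule)}
    impact = f"criticality-{criticality} asset, {len(group)} alert(s) from {','.join(sorted(sources))}"
    # The escalation clock starts at the first alert of the group, not at analyst pickup.
    return Incident(host, group, priority, group[0].ts + SLO_ESCALATE[priority], impact, techniques)


def triage(text: str) -> list[Incident]:
    """Parse, correlate, score, and order the queue by priority, then by escalation deadline."""
    incidents = [score_group(g) for g in correlate(parse_alerts(text))]
    return sorted(incidents, key=lambda i: (i.priority, i.escalate_by))


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOG):
        print(f"{inc.priority} {inc.host:<7} escalate by {inc.escalate_by:%H:%MZ}  {inc.impact}  {sorted(inc.techniques)}")
```

On the constructed input the two dc01 alerts three minutes apart (SIEM brute-force detection corroborated by an EDR credential-dumping alert on a criticality-3 host) collapse into one P1 incident with a 15-minute escalation deadline, while the dc01 scheduled-task alert 90 minutes later falls outside the window and becomes a separate P2. Real deployments would take criticality from a CMDB and SLOs from the client contract; the point of the example is that correlation window, asset context and corroboration, not raw severity alone, drive the queue order.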
