IT Security Analyst II

Job description

• To be part of a global security operations center and be responsible for - proactively identify threats and vulnerabilities; implement industry best practices; participate in the review and resolution of opportunities from both internal and external IT security audits; provide recommendations to the overall IT security posture of the organization; and participate in the creation of IT security awareness communications to the organization that adhere to corporate safety and security regulations

Responsibilities:

• Investigate and provide proper incident response to security alerts.
• Identify new security use cases and create required detection rules in the system.
• Work with the customer to gather requirements, propose use cases and build them in Splunk.
• Perform administration activities in Splunk including integration of log sources, creation of queries for security use cases, dashboards, troubleshoot issues.
• Assist and train team members on how to investigate and respond to various security threats.
• Manage and support wide range of security technologies including SIEM, EDR, Vulnerability Scanners, Identity and Access Management, Data Loss Prevention, and Cloud Security.
• Participate in security solution design and security consultation.
• Work with the customer point of contacts for any escalated incidents, security remediation.
• Create required dashboards and provide reports.
• Actively participate in customer meetings and give presentations.

Job Requirements:

• Bachelors degree in Computer Science, Information Security, or an equivalent degree.
• 4+ years of working experience in Information Security.
• Vast experience in Splunk Enterprise and Enterprise Security.
• Have experience in integration of log sources, defining use cases, creation of new correlation rules, creation of dashboards, implementing best practices in Splunk environment.
• Good understanding of security threats and mitigation strategies.
• Have in-depth knowledge on how to investigate and respond to various security alerts, and can able to create incident response procedures for same.
• Certification in any of the following is a plus: Splunk Certified Admin/Architect, CEH.
• Demonstrated excellent response to critical incidents and security threats in the past.
• Excellent analytical, presentation, customer service and facilitation skills.
• Ready to work in 24x7 Security operations.