Advanced Cyber Security Operations Analyst

We are seeking an advanced Cyber Security Operations Analyst to join our team, responsible for performing in-depth analysis of security incidents, conducting thorough investigations, and implementing effective mitigation strategies to protect organizational IT infrastructure.

• 1. Incident Analysis and Response:

  The selected candidate will investigate escalated security incidents from Tier 1, including malware infections, advanced persistent threats (APTs), phishing campaigns, and unauthorized access attempts.

  • Perform root cause analysis to identify the source, scope, and impact of incidents.
  • Implement containment, eradication, and recovery measures, such as isolating compromised systems or applying security patches.
• 2. Threat Hunting and Proactive Monitoring:

  Conduct proactive threat hunting using SIEM tools and endpoint detection and response (EDR/XDR) platforms.

  • Analyze Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) to identify potential threats.
  • Correlate logs and alerts to detect patterns of malicious activity.
• 3. Security Tool Optimization:

  Configure and fine-tune security tools, including SIEM and SOAR platform.

  • Develop and update SIEM rules, dashboards, and alerts to improve detection accuracy.
• 4. Documentation and Reporting:

  Document incident details, including timelines, findings, and remediation steps, in ticketing systems.

  • Prepare detailed incident reports and post-incident reviews for management and compliance purposes.
  • Contribute to the development of standard operating procedures (SOPs) and playbooks for incident response.
• 5. Collaboration and Escalation:

  Work closely with Tier 1 analysts to mentor and guide them on alert triage and basic incident handling.

  • Collaborate with Senior Analysts, threat intelligence teams, and IT departments for advanced investigations and remediation.
  • Liaise with external stakeholders, such as CERT-In or third-party vendors, during major incidents.
• 6. Threat Intelligence Integration:

  Incorporate threat intelligence feeds into security monitoring processes.

  • Stay updated on emerging cyber threats, vulnerabilities, and attack trends relevant to the organization's industry.

A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required. Relevant certifications or equivalent experience may substitute.

Minimum 4 years of experience in cybersecurity, preferably in a SOC environment or as a Tier 1 analyst. Hands-on experience with incident response is essential.

Technical Skills:
- Advanced knowledge of networking protocols (TCP/IP, DNS, VPN) and operating systems (Windows, Linux, macOS).
- Proficiency with SIEM platforms, EDR/XDR tools, and network security appliances.
- Experience with log analysis, packet capture tools (e.g., Wireshark), and scripting (e.g., Python, PowerShell, Bash) for automation.
- Familiarity with cloud security (e.g., AWS, Azure, Google Cloud) and related tools is a plus.
- Understanding of attack frameworks like MITRE Telecommunication & CK and common vulnerabilities (e.g., CVE database).
- Certifications (preferred):
- CompTIA Security+, CISSP
- Certified Ethical Hacker (CEH)
- GIAC Certified Incident Handler (GCIH)
- Strong problem-solving and critical-thinking skills.
- Ability to work under pressure and handle multiple incidents simultaneously.
- Excellent communication skills to explain technical findings to non-technical stakeholders.
- Team mentoring and leadership capabilities.

We offer a dynamic work environment, competitive salary, and opportunities for growth and professional development.

This role requires occasional rotation shifts and on-call availability.