Rc Sprc Ct Mgd Security Srassc

At RSM, SOC analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients’ businesses and challenges facing their organizations.
- Senior analysts work as part of a broader team leading a group of analysts in support of multiple clients. Working in a mutually respectful team environment helps our senior analysts perform at their best and integrate their career with their personal life. You will have the opportunity to:

- Model the core RSM values of respect, integrity, teamwork, excellence, and stewardship in all interactions with clients and team members
- Develop an understanding of the RSM managed security services approach, methodology and tools
- Perform initial analysis and investigation into alerts as they are seen
- Performing initial malware analysis utilizing automated means
- Supporting cyber defense functions to protect our clients from cyber security incidents that have potential to cause negative impact
- Incident intake, ticket updates and reporting of cyber events
- Use security operations centre (SOC) monitoring devices (SIEM, IDS, DLP) to review and analyse pre-defined events indicative of incidents
- Understanding, identifying and researching indicators of compromise (IOCs)
- Uploading packets and evaluating source/destination activity and payloads
- Assisting in recommendations for content to detect incidents, including IOCs for blocking and detection
- Responsible for participating in threat actor-based investigations, creating new detection methodologies, and provided expert support to incident response and monitoring functions
- Lead response and investigation efforts into advanced/targeted attacks.
- Hunt for and identify threat actor groups and their techniques, tools and processes.
- Provide expert analytic investigative support of large scale and complex security incidents.
- Perform root cause analysis of security incidents for further enhancement and continuous improvement.
- Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. daily
- Ensure professional development through ongoing education

Qualification:

- B.Tech/ MCA/ MBA (IT/IS) with a minimum of 1-6 years of previous SOC experience or incident response process experience, including detecting advanced adversaries, log analysis, and/or malware triage experience
- Must have a naturally curious mindset and approach
- Experience with several threat detection and intelligence tools
- Knowledge of operating systems including Linux/Unix and Windows
- Security incident and event management (SIEM) tools such as but not limited to Splunk, LogRhythm, Devo, Elastic etc.
- Strong analytical and investigation skills & active threat hunting and adversary tracking
- Working knowledge of security architectures, devices and threat intelligence consumption and management
- Working knowledge of root causes of malware infections and proactive mitigation
- Working knowledge of lateral movement, footholds, and data exfiltration techniques
- Experience working with NetFlow, PCAP analysis, packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, antivirus, spam and spyware solutions
- Ability to convert intelligence into actionable mitigation and technical control recommendations

Outstanding time management and multitasking skills with a high level of attention to detail

Beneficial, but not required, includes:

- Working Knowledge of common cloud platforms - Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform
- Security orchestration and automated response (SOAR) tools such as: Demisto, Phantom, Forescout, etc.
- Knowledge and proficiency with popular cloud security services (VPC, RDS, IAM, WAF, IDS/IPS, AS3, SQS, SNS, CloudWatch, CloudTrail, Inspector, Config, etc.)
- Working Knowledge of vulnerability tools such as: Kenna, Tenable, Qualys, etc.
- Threat intelligence tools such as Recorded Future and ThreatConnect
- Endpoint detection and response tools such as: CarbonBlack, Crowdstrike, Wazuh etc.
- Microsoft Office 365
- Cloud access service brokers such as Netskope, ZScaler, McAfee, Forcepoint