Cyberwatch Analyst

6 days ago


Mumbai, Maharashtra, India Stratlink It Consulting And Solutions Private Limi Full time ₹ 12,00,000 - ₹ 36,00,000 per year

Job Purpose/Summary:

The Cyberwatcher is responsible for proactively searching and identifying cybersecurity threats within the organization's assets.

He will work with the Identify team to obtain information that supports this task, but he must also keep a watchful eye in order to anticipate hunts. The Cyberwatcher will liaise with the React team so that, once a hunt produces findings, the containment and eradication process can be carried out with his assistance and information. After the incident is closed, he will write detailed incident reports and contribute to lessons learned in collaboration with the relevant team. He will also collaborate with the Offensive Security team during purple team exercises to enhance his threat hunting campaigns.

This role involves building effective defenses against potential threats to ensure the security and integrity of the organization's digital assets.

Role & responsibilities

Maintain expert knowledge of Advanced Persistent Threat (APT) Tools, Techniques and Procedures (TTPs), forensics and incident response best practices.

  • Use threat intelligence and threat models to build threat scenarios.
  • Prepare and conduct threat-hunting campaigns to check threat scenarios.
  • Research, analyze and correlate a wide range of data sets from any source.
  • Conduct proactive and iterative research into systems and networks to detect advanced threats.
  • Report risk analyses and threat findings to the relevant stakeholders.
  • Identify and provide automated alerts for emerging and historically unknown threats.
  • Co-operate with multiple teams within operations, intelligence and engineering to continuously improve security checks and detection performance.
  • Participate in purple team exercises (PTXs) by monitoring new detection capabilities.
  • Manage reports, dashboards and metrics for CyberSOC KPIs, and present them to senior management and other stakeholders.
  • Work closely with key stakeholders in technology, application, and cybersecurity to develop targeted use cases addressing specific advanced persistent threat (APT) behaviors.

Preferred candidate profile

Bachelor's degree in Computer Science, Information Security, EXTC or a related field.

  • Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.
  • Proven experience (3+ years) working within the Cybersecurity field, with emphasis on Threat Hunting.
  • Experience with Palo Alto XDR and/or other SIEM platforms such as Sentinel, QRadar, Splunk, ArcSight, etc.
  • Experience with Palo Alto XSOAR and/or equivalent SOAR Platforms like Resilient, Phantom, etc.
  • Expertise in network, host (Windows and Linux systems) and cloud investigations.
  • Proficiency in scripting languages such as Python or PowerShell and regular expressions.
  • Knowledge of data mining and/or machine learning.
  • Skills in identification of cyber-attack campaigns.
  • Experience hunting through data using tools such as a SIEM.
  • Capacity to analyze malware, extract indicators, and create signatures (YARA, Snort) and IOCs.
  • Robust analytical abilities and the skills to investigate, write, communicate and inform audiences at different levels, including management.

Behavioral Skills/Competencies:

  • Has a systematic, disciplined, and analytical approach to problem solving.
  • Excellent ability to think critically under pressure.
  • Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders.
  • Willingness to stay updated with evolving cyber threats, technologies, and industry trends.