Security Operations Analyst L3

At Armor, we are committed to making a meaningful difference in securing cyberspace. Our vision is to be the trusted protector and de facto standard that cloud-centric customers entrust with their risk. We strive to continuously evolve to be the best partner of choice, breaking norms and tirelessly innovating to stay ahead of evolving cyber threats and reshaping how we deliver customer outcomes. We are passionate about making a positive impact in the world, and we're looking for a highly skilled and experienced talent to join our dynamic team.

Armor has unique offerings to the market so customers can a) understand their risk b) leverage Armor to co-manage their risk or c) completely outsource their risk to Armor.

Learn more at:

This position is a hybrid role located in Pune, India, requiring a combination of in-office and remote work. Applicants must be based in Pune or willing to commute to the office as needed.
Summary
Armor is seeking a talented and motivated individual to serve as a Security Operations Analyst L3. The Analyst would perform advanced, senior-level cybersecurity analysis work. The role involves protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. May supervise the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

Essential Duties and Responsibilities (Additional duties may be assigned as required.)

• Performs deep-dive analysis of information systems, portable devices, and forensic recovery of data using assessment tools.
• Monitor, investigate, analyze, and remediate indications of compromised or breached systems and applications.
• Perform Incident Response triage of live hosts, interacting with various Operating Systems [Win/Linux].
• Use and reporting of a large -scale SIEM and Data Analytics implementation in a dynamic cloud service provider environment.
• Work with customers through the Incident Management process based on NIST and SANS best practices when issues are detected.
• Monitor and enforce guidelines for best practices in security and compliance in accordance with NIST
• Research and investigate new and emerging threats and vulnerabilities.
• Participate in security communities.
• Review, maintain, and develop processes and procedures for information collection, analysis, and dissemination.
• Mentor junior analysts and serve as an escalation point during Incident Response activities.

Required Skills

• Thorough understanding of Operating Systems [Win/Linux], Networking, and Information Security.
• Thorough understanding of security threats, threat analytics and current mitigation techniques.
• Skilled in Incident Response and network security monitoring.
• Public Cloud Administration and Cloud Security knowledge (Azure, AWS, GCP).
• Hands-on experience with a range of security tools such as IDS, WAF, Anti-malware, FIM, SIEM, EDR, and others.
• Technically proficient in network communication using IP protocols, system administration knowledge of computer network defense operations (proxy, firewall, IDS/IPS, route/switch).
• System security and SIEM operations experience.
• Proficient in use of EDR/XDR tools such as Defender for Endpoint for advanced threat investigation and containment.
• Collaborate with detection engineers or SMEs to refine and develop correlation rules, detection rules, scripting and automation playbooks.
• Experience with Threat Intelligence and Threat Hunting.
• Ability to work evenings/weekends shifts as required and to be on-call 24x7 to serve as the escalation point for your team.
• Experience in security incident reporting and procedures.
• Able to handle private and confidential information with physical and ethical care.
• Must have a working understanding of key security concepts and attack types such as phishing, malware, vulnerabilities, Cyber Kill Chain, and attack stages and others. Understand threat actor tactics, techniques and procedures, have familiarity with the MITRE-ATT&CK Framework and different stages of an attack lifecycle.
• Able to conduct log analysis, network/email traffic assessment, assess the impact and blast radius and gather evidence for response and mitigation actions.
• Excellent communication (oral and written), interpersonal, organizational, and presentation skills including interactions with customers via phone calls, chat, incident tickets and emails.
• Creative problem solver with effective resolution ability and analytical skills.
• Able to articulate technical i deas at m ultiple levels, ability to establish and maintain credibility with business constituents at all levels.
• Must be effective in managing time, and service levels, and prioritizing tasks between a diverse set of assigned duties.

• Must possess or be able to obtain the following certifications within 90 days of starting:

• Microsoft Certified: Security Operations Analyst Associate (SC-200)

• Microsoft Identity and Access Administrator Associate (SC-300)

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)

• 5-10 years of direct experience in the field of Information Security required including an educational background in a related technical discipline, or the equivalent combination of education, professional training, or work experience.

• Other desirable certifications include CISSP, CISA, OSCP, GIAC, GSEC and GCFA.
• Self-starter and self-learner with the ability to work in a flexible and production-orientated environment/ adaptability to change.
• Consistently leads with a curious mind to stay abreast of emerging trends, tactics, and an ever-changing technological landscape to enhance Armor's Security Posture.

WHY ARMOR
Join Armor if you want to be part of a company that is redefining cybersecurity. Here, you will have the opportunity to shape the future, disrupt the status quo, and be a part of a team that celebrates energy, passion, and fresh thinking. We are not looking for someone who simply fills a role – we want talent who will help us write the next chapter of our growth story.

Armor Core Values

• Commitment to Growth: A growth mindset that encourages continuous learning and improvement with adaptability in the face of challenges.
• Integrity Always: Sustain trust through transparency + honesty in all actions and interactions regardless of circumstances.
• Empathy In Action: Active understanding, compassion and support to the needs of others through genuine connection.
• Immediate Impact: Taking initiative with swift, informed actions to deliver positive outcomes.
• Follow-Through: Dedication to delivering finished results with attention to quality and detail to achieve the desired outcomes.

Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting, at the company's data center, at a client location or at an industry trade event.

Equal Opportunity Employer
- It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.