Senior IT Security Analyst

About ERGO Technologies and Services India

ERGO Technology & Services India (ET&S India) is the newest part of the ERGO Technology & Services Management the main outsourcing provider of IT for ERGO worldwide. It is backed up by ERGO an 18 Billion Euro Organization with presence in 15+ countries has a charter to provide technology services to the ERGO countries in multiple countries.

ETS India will be fueling the Digital aspirations of ERGO world in years to come. With ambitious plan to build a large offshore development centers in multiple cities of the country ETS India shall be at the forefront in developing capabilities and providing career opportunities to employees in diverse technologies across domains of Insurance.

Role Description :

The Senior IT Security Analyst / IT Security Lead is an individual contributor position within the company's global Threat Hunting Team, we are seeking a skilled and motivated Threat Hunting Specialist to join our global team. In this role, you will play a critical part in proactively identifying and mitigating advanced threats across the organization.

Leveraging CA&RR (Compromised Assessment & Rapid Response), an advanced persistent threat scanner and other cyber security tools, you will support the companys threat hunting operations by proactive identification of threats. The role also include, conducting digital investigations, analyzing security incidents, mitigating cyber risk and providing incident response recommendations.

You will be responsible for managing scans in , evidence acquisition, analysis of malware files, data breaches and unauthorized access by using CA&RR (Compromised Assessment & Rapid Response) & other cyber security tools. You will also have active contributions in the incident investigations and cooperate with CSIRT (Computer Security Incident Response Team), CTI (Cyber Threat Intelligence) and SOC (Security Operations Center) Global Teams. In case there is a need for follow-up activities and collection of evidence, you will be responsible for coordinating the work of different cross-functional teams.

Key Accountabilities & Responsibilities:

• Scan management for a Compromise Assessment and Rapid Response (CA&RR) tool for various internal customers in the ERGO group

• Analysis of findings in the CA&RR tools (e.g. detecting backdoor, attackers' tools, system misconfigurations, forensics artifacts or malicious activity)

• Development of rapid response playbooks

• Analysis of malware files

• Creation of custom YARA and Sigma rules

• Perform threat hunting iterations based on feed delivered from CTI Team and research on recent campaigns using EDR, APT Scanner and other security tools

• Definition of threat remediation strategies for various internal customers in the ERGO group

• Development and refinement of hypothesis to detect threats

• Provide detailed reports on threat hunting iterations against known hacker groups

• Cooperation with technical teams as the SOC, CTI and CSIRT

Key Competencies & Skills Required

Technical:

• Hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments

• Understanding of Windows internals and Active Directory environments

• Knowledge of Linux environment and Linux forensic skills

• Understanding of MS Defender EDR and MS Sentinel environments to use KQL queries for threat hunting purposes

• General understanding of computer networking concepts and protocols

• Understanding of scripting languages

• Strong understanding of the Cyber Kill Chain, MITRE ATT&CK Framework, and modern threat actor TTPs

• Ability to stay focused, keep calm and work under high stress

• Ability to communicate with technical and business stakeholders

• Ability to work in a multinational and multicultural environment

• Strong teamwork culture with effective collaboration, cross-group partnership

• Being an innovator, creative, passionate, independent, and motivated to make a difference and help reducing cyber risk for ERGO Group

Minimum Educational Qualification:

Bachelors or Masters degree in Computer Science / Information Technology / Others

Certification if any:

Security+, CySA+, CEH, SC200 and/or equivalent certification is preferred Years Experience &

Knowledge:

2 to 6 years of experience