EY Senior Security Analyst - CDRC in Trivandrum, India

Senior Security Analyst - CDRC

Core Business Services

Requisition # GSS004Y5

Post Date Apr 23, 2018

Cyber Defense

Lead Security Analyst - CDRC

The CDRC (Cyber Defense Response Center) Senior Security Analyst will be responsible for working collaboratively with peers and supervisors to provide effective security monitoring and incident response through triage, investigation, communication, and reporting. He/She will also work collaboratively with team members and managers to respond to and resolve information security incidents, maintain and follow procedures for security alerting, and participate in security investigations. He/She should be capable of identifying threat and incident vectors and of developing documentation to support the incident response process. He/She needs to articulate security issues and recommendations to IT project teams and management.

Essential Functions of the Job:

  • Operate as Second/Third level support to a 24x7 Cyber Defense Response Centre.

  • Act as the primary point of contact for reporting, monitoring, and tracking reported events and operational events.

  • Identify, prioritize and respond to security threats.

  • Will operate in a close team of computer/digital forensic, fraud, and other IT investigative experts.

  • Ensure that all incidents are recorded and tracked to meet audit, compliance and legal requirements.

  • Conduct root cause analysis to identify gaps and recommendations ultimately remediating risks to the firm.

  • Maintain an inventory of the procedures used by the CDRC and regularly evaluate the CDRC procedures and add, remove, and update the procedures as appropriate.

  • Publish reports to applicable teams.

  • Generate reports on Cyber Defense Centre activities.

Other Requirements:

  • Promote a security-first mindset, ensuring decisions are made without compromising core security objectives.

  • Should be willing to work in shifts (24/7).

Knowledge and Skills Requirements:

  • Fair understanding of Linux, TCP/IP, network security, encryption standards, etc.

  • Knowledge of various penetration testing and application testing methodologies and tools is a definite plus.

  • Knowledge in application development (Microsoft technologies).

  • Excellent communication skills; written and verbal.

  • Good attitude and presentation skills.

  • Good investigative, analytical and problem-solving skills.

  • Ability to work in a team, with little supervision and using own initiative.

Analytical/Decision Making Responsibilities:

  • Actively investigates the latest security vulnerabilities, advisories, incidents, and penetration techniques and notifies the manager when appropriate.

  • Recognizes successful intrusions and compromises through review and analysis of relevant event detail information.

  • Coach less experienced team members on policies and procedures that contribute to maintaining the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories.

  • Assist in incident determination, ticketing and incident response, prevention and remediation.

  • Maintains up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

  • Engages in ongoing communications with peers in the Systems and Networking teams as well as the various business teams to allow for enterprise-wide understanding of security goals, to solicit feedback and to foster co-operation.

  • Able to weigh general business needs against security concerns being seen across the enterprise and industry, and to articulate issues to supervisors. Translates technical vulnerabilities into business risk, enabling senior leadership to make informed decisions.

Supervision Responsibilities:

  • Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues.

  • Will provide mentoring, support, and direction for other members of the team, as required.

  • Helps team and colleagues understand the bigger picture of technical, ethical and financial needs.

  • Requires minimal supervision from management and frequently works on projects with only periodic updates to supervisor.

  • May seek guidance on increasingly complex projects.

  • Bachelor’s degree in Computer Science, Information Systems, Engineering or related field.

Minimum of 8+ years of experience in one or more of the following:

  • Working in a Security Monitoring/Security Operations Center environment (SOC)

  • Incident Handling and Incident Response.

  • Vulnerability assessment.

  • Deep understanding of the following: firewalls, intrusion detection and prevention systems, antivirus and content & URL filtering, authentication solutions, switches, routers, VoIP, DMZ and the latest intrusion detection platforms.

  • Experience in enterprise security architecture design and document creation.

  • Experience with Splunk Enterprise Security is a plus.

  • Understanding of electronic investigation and log correlation.

  • Working knowledge of Linux and/or Windows systems administration (including AD).

  • Scripting or programming (shell scripting, PowerShell, C, C#, Java, etc.).

Desired Certifications:

  • CCNA/CCNA Security, RHCE, CCSA/CEH/CIH, GCIH, GCFA, GCIA, GSEC, GIAC, Security+. Holding a CISSP, CISM, CISA, or similar certification is a plus.