EY Senior Security Analyst - CDRC in Trivandrum, India
Senior Security Analyst - CDRC
Core Business Services
Requisition # GSS004Y5
Post Date Apr 23, 2018
Lead Security Analyst - CDRC
The CDRC (Cyber Defense Response Center) Senior Security Analyst will be responsible for working collaboratively with peers and supervisors to provide effective security monitoring and incident response through triage, investigation, communication, and reporting. He/She will also work collaboratively with team members and managers to respond to and resolve information security incidents, maintain and follow procedures for security alerting, and participate in security investigations. He/She should be capable of identifying threat and incident vectors and of developing documentation to support the incident response process. He/She needs to articulate security issues and recommendations to IT project teams and management.
Essential Functions of the Job:
Operate as Second/Third level support to a 24x7 Cyber Defense Response Centre.
Act as the primary point of contact for reporting, monitoring, and tracking reported events and operational events.
Identify, prioritize and respond to security threats.
Will operate in a close team of computer/digital forensic, fraud, and other IT investigative experts.
Ensure that all incidents are recorded and tracked to meet audit, compliance and legal requirements.
Conduct root cause analysis to identify gaps and make recommendations that ultimately remediate risks to the firm.
Maintain an inventory of the procedures used by the CDRC and regularly evaluate the CDRC procedures and add, remove, and update the procedures as appropriate.
Publish reports to applicable teams.
Generate reports on Cyber Defense Centre activities.
Promote a security-first mindset, ensuring decisions are made without compromising core security objectives.
Should be willing to work in shifts (24/7).
Knowledge and Skills Requirements:
Fair understanding of Linux, TCP/IP, network security, encryption standards, etc.
Knowledge of various penetration testing and application testing methodologies and tools is a definite plus.
Knowledge of application development (Microsoft technologies).
Excellent communication skills, written and verbal.
Good attitude and presentation skills.
Good investigative, analytical and problem-solving skills.
Ability to work in a team, with little supervision and using own initiative.
Analytical/Decision Making Responsibilities:
Actively investigates the latest security vulnerabilities, advisories, incidents, and penetration techniques and notifies the manager when appropriate.
Recognizes successful intrusions and compromises through review and analysis of relevant event detail information.
Coaches less experienced team members on policies and procedures that contribute to maintaining the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems, and in databases and other data repositories.
Assists in incident determination, ticketing and incident response, prevention and remediation.
Maintains up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Engages in ongoing communications with peers in the Systems and Networking teams as well as the various business teams to allow for enterprise-wide understanding of security goals, to solicit feedback and to foster co-operation.
Able to weigh general business needs against security concerns being seen across the enterprise and industry, and to articulate issues to supervisors. Translates technical vulnerabilities into business risk, enabling senior leadership to make informed decisions.
Coordinates escalations and collaborates with internal technology teams to ensure timely resolution of issues.
Provides mentoring, support, and direction for other members of the team, as required.
Helps team and colleagues understand the bigger picture of technical, ethical and financial needs.
Requires minimal supervision from management and frequently works on projects with only periodic updates to the supervisor.
May seek guidance on increasingly complex projects.
Bachelor's degree in Computer Science, Information Systems, Engineering or a related field.
Minimum of 8 years of experience in one or more of the following:
Working in a Security Monitoring/Security Operations Center (SOC) environment.
Incident handling and incident response.
Deep understanding of the following: firewalls, intrusion detection and prevention systems, antivirus and content/URL filtering, authentication solutions, switches, routers, VoIP, DMZ and the latest intrusion detection platforms.
Experience in enterprise security architecture design and document creation.
Experience with Splunk Enterprise Security is a plus.
Understanding of electronic investigation and log correlation.
Working knowledge of Linux and/or Windows systems administration (including AD).
Scripting or programming (shell scripting, PowerShell, C, C#, Java, etc.).
Certifications such as CCNA/CCNA Security, RHCE, CCSA, CEH, CIH, GCIH, GCFA, GCIA, GSEC, GIAC or Security+. Candidates holding a CISSP, CISM, CISA, or similar certification is a plus.