Cybersecurity Associate

Company Name: SecurityHQ
About Company:
SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: promote clarity and trust in a complex world, build momentum around improving security posture, and increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today while mitigating the risks of tomorrow and beyond. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days a year, our customers are never alone. SecurityHQ: we're focused on engineering cybersecurity, by design.
Designation: Cyber Security Associate
Who Can Apply: Candidates with a Python or cybersecurity certification can also apply
Experience: Fresher
Job Location: Pune
Eligibility Criteria:  
  • Qualification: BE/B.Tech (CS/IT), MCA 
  • Pass out Year: 2024 Only
  • Percentage Criteria: 60% Throughout
Approx. Package: Rs. 3,00,000/- Per Annum.
Key Responsibilities:
• Acknowledge, analyse and validate incidents triggered from correlated events in the SIEM solution
• Acknowledge, analyse and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
• Collect the logs needed to support incident containment and security investigation
• Escalate validated and confirmed incidents to the SOC Analyst
• Undertake the first stages of false positive and false negative analysis
• Understand the structure and meaning of logs from different log sources such as firewalls, IDS, Windows domain controllers, Cisco appliances, AV and anti-malware software, email security, etc.
• Understand the content of EDR alarms
• Open incidents in SecurityHQ (ITSM platform) to report the alarms triggered or threats detected. For each incident, the analyst should record all details related to the logs, alarms and other indicators identified, in accordance with each client's intervention protocol and SLA.
• Track and update incidents and requests based on client updates and analysis results
• Properly log client requests and change requests in SecurityHQ
• Report infrastructure issues to the SHQ support team
• Report false positive alarms from EDR and SIEM to L2 SOC analysts
• Other duties related to the position
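The triage loop described in the responsibilities above (read logs from several sources, correlate them, decide whether a SIEM alarm is a real incident or a false positive, then escalate with the supporting details) is shown below as an added, self-contained example. It is not SecurityHQ tooling and does not reflect any client's intervention protocol: the one-line log format, the five-failures-in-five-minutes threshold and the action labels are assumptions chosen for the demo, and the log lines are constructed samples. Windows event IDs 4625 (failed logon) and 4624 (successful logon) are the real IDs.

```python
"""Added L1 SOC triage illustration (not SecurityHQ code).

Parses constructed log lines from a Windows domain controller and a
firewall, correlates them per source IP, and pre-classifies each finding
as escalate / close_false_positive / monitor, with the fields an ITSM
ticket needs. Thresholds and the log layout are assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines, not captured from any real system.
SAMPLE_LOGS = """\
2024-06-01T09:00:01Z DC01 EventID=4625 User=jdoe SrcIP=10.0.5.23 Status=0xC000006A
2024-06-01T09:00:03Z DC01 EventID=4625 User=jdoe SrcIP=10.0.5.23 Status=0xC000006A
2024-06-01T09:00:05Z DC01 EventID=4625 User=jdoe SrcIP=10.0.5.23 Status=0xC000006A
2024-06-01T09:00:07Z DC01 EventID=4625 User=jdoe SrcIP=10.0.5.23 Status=0xC000006A
2024-06-01T09:00:09Z DC01 EventID=4625 User=jdoe SrcIP=10.0.5.23 Status=0xC000006A
2024-06-01T09:00:12Z DC01 EventID=4624 User=jdoe SrcIP=10.0.5.23 LogonType=3
2024-06-01T09:30:00Z DC01 EventID=4625 User=asmith SrcIP=10.0.7.8 Status=0xC000006A
2024-06-01T10:00:00Z FW01 action=deny src=203.0.113.9 dst=10.0.0.5 dport=3389
2024-06-01T10:00:01Z FW01 action=deny src=203.0.113.9 dst=10.0.0.5 dport=3389
"""

# Assumed (simplified) one-line renderings of the two sources.
WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) SrcIP=(?P<ip>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<ip>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


@dataclass
class Event:
    ts: datetime
    kind: str    # logon_failure | logon_success | fw_deny
    ip: str      # source IP, the pivot used for correlation
    detail: str  # user name, or firewall destination host:port


@dataclass
class Incident:
    rule: str
    ip: str
    count: int
    details: list[str]
    severity: str
    action: str  # escalate | close_false_positive | monitor
    first_seen: datetime
    last_seen: datetime


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line: str) -> Event | None:
    """Normalise one raw line into an Event; lines of unknown shape are skipped."""
    m = WIN_RE.match(line)
    if m:
        kind = {"4625": "logon_failure", "4624": "logon_success"}.get(m["eid"])
        return Event(_ts(m["ts"]), kind, m["ip"], m["user"]) if kind else None
    m = FW_RE.match(line)
    if m and m["action"] == "deny":
        return Event(_ts(m["ts"]), "fw_deny", m["ip"], f"{m['dst']}:{m['dport']}")
    return None


def parse_logs(text: str) -> list[Event]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def max_in_window(events: list[Event], window: timedelta) -> int:
    """Largest number of time-sorted events falling inside any span of `window`."""
    best = start = 0
    for end in range(len(events)):
        while events[end].ts - events[start].ts > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(events: list[Event], threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> list[Incident]:
    """Correlate per source IP using assumed rules:
    - >= threshold failed logons within `window`, then a success from the same
      IP inside `window`: high, escalate (the guessing may have worked);
    - >= threshold failures with no success: medium, escalate;
    - fewer failures: probably a mistyped password, candidate false positive;
    - firewall denies only: blocked at the perimeter, monitor."""
    by_ip: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    incidents: list[Incident] = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        failures = [e for e in evs if e.kind == "logon_failure"]
        successes = [e for e in evs if e.kind == "logon_success"]
        denies = [e for e in evs if e.kind == "fw_deny"]
        if failures:
            burst = max_in_window(failures, window)
            users = sorted({e.detail for e in failures})
            first, last = failures[0].ts, failures[-1].ts
            if burst >= threshold:
                hits = [s for s in successes if last <= s.ts <= last + window]
                if hits:
                    incidents.append(Incident("brute_force_success", ip, burst, users, "high", "escalate", first, hits[0].ts))
                else:
                    incidents.append(Incident("brute_force_attempt", ip, burst, users, "medium", "escalate", first, last))
            else:
                incidents.append(Incident("isolated_logon_failure", ip, len(failures), users, "info", "close_false_positive", first, last))
        if denies:
            targets = sorted({e.detail for e in denies})
            incidents.append(Incident("perimeter_deny", ip, len(denies), targets, "low", "monitor", denies[0].ts, denies[-1].ts))
    return incidents


def ticket(inc: Incident) -> str:
    """One-line summary carrying what an ITSM incident record needs up front."""
    return (f"[{inc.severity.upper()}] {inc.rule} src={inc.ip} count={inc.count} "
            f"details={','.join(inc.details)} window={inc.first_seen:%H:%M:%S}-{inc.last_seen:%H:%M:%S} "
            f"action={inc.action}")


if __name__ == "__main__":
    for inc in triage(parse_logs(SAMPLE_LOGS)):
        print(ticket(inc))
```

Running it prints one ticket line per source IP: the 10.0.5.23 burst of five failures followed by a success is marked high and escalated, the single failure from 10.0.7.8 is flagged as a false-positive candidate for the L2 analysts, and the two perimeter denies from 203.0.113.9 are kept as a low-severity monitor item. Raising `threshold` to 6 demonstrates the false-negative side: the same burst then drops below the rule and is no longer escalated, which is why threshold tuning belongs to the false positive/false negative analysis the role performs.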
 
Qualifications and Skills:
• Experience with Security Information and Event Management (SIEM) tools
• Expertise in TCP/IP network traffic and event log analysis
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management
Desired Skills:
• Strong interpersonal and presentation skills
• Ability to work with minimal levels of supervision or oversight
• Adherence to security policies