Security Analyst(CSIR) - T2

Job description: • The primary responsibility is to work on the existing or new Incidents, Service requests and Tasks • Escalation point for L1 and triage the unresolved incidents or requests Business Relationships: • Constantly communicates with associates and customers Key Responsibilities Process • Day to day Operational issues, requests and Project tasks • Incident response and resolution within SLA's with excellent analytical and troubleshooting skills • Providing all the necessary details to leads about the issue, steps taken, recommendation and any other relevant information • Ticket Status Check and Update • Respond to False Positive Alerts • Incident Escalation and Progress Monitoring • Create, review, update, and maintain Standard Operating Procedures. • Perform the Shift handovers Skills Must-have Skills: Prior working experience Vulnerability Management • Install, Configure, Maintain and troubleshoot Vulnerability Management applications like Qualys and Rapid7 • Perform Vulnerability Assessments over the client infrastructure • Perform Validating and exclude vulnerabilities based on the customer requirements • Create Vulnerability Management dashboards and prepare trending reports SIEM/IDR/MDR • Configure, Maintain and troubleshoot SIEM/IDR/MDR environment (Splunk, AWN, Rapid 7 Insight IDR) • Perform security event detection and threat analysis • Provide log/network/malware/device analysis for remediation of security vulnerability conditions • Validate log sources and indexed data, search through the indexed data to optimize the search criteria • Eliminate the false positives • Create reports and dashboards • Perform upgrades to the environment based on the documentation provided Good to have skills: Prior working experience Monitoring Tools: • Solarwinds o Install, Configure, Maintain and troubleshoot Solarwinds Orion components including NTA and SAM o Configure and Troubleshoot SNMP and WMI based monitors o Configure and Troubleshoot Adding / Modifying/ deleting devices o Configure and Troubleshoot URL monitoring o Configure and troubleshoot ESXi, Linux, and MS Cluster resources monitoring o Performing addition or removal of devices from Maintenance o Configure and Troubleshoot Adding / Modifying/ deleting thresholds for the devices o Scheduling or generating manual/custom reports o Prepare Technical documentation • LogicMonitor o Configure and Troubleshoot SNMP, WMI and SSH based monitors o Configure and Troubleshoot Adding / Modifying/ deleting devices o Configure and troubleshoot ESXi, Linux, and MS Cluster resources monitoring o Configure and Troubleshoot URL monitoring o Configure Global Setting such as Importing/Modifying LogicModules (DataSource/ConfigSource/etc.) o Performing addition or removal of devices from Maintenance o Configure and Troubleshoot Adding / Modifying/ deleting thresholds for the devices o Scheduling or generating manual/custom reports o Eliminate false positives o Prepare technical documentation • Experience on other monitoring tools such as SCOM, Zabbix, Datadog, etc., are desirable • Experience on other vulnerability Management tools such as tenable, AlienVault, Nessus is desirable • Experience on other SIEM tools such as Solarwinds SEM, ArcSight, QRadar, etc., are desirable • Candidate working with Managed Services/IT Services company is preferred, and a background in dealing with global teams and remote teams will be a strong plus • Relevant certification: ITIL is a strong plus