This position will be on-site reporting to our Bangalore office, M-F.
This team provides 24/7 support. This role requires shift flexibility, including the ability to rotate between days, mids, and nights.
As a Senior SOC-MDR Analyst, you will provide deep-level analysis for security investigations using a wide range of customer-provided data sources, audit, and monitoring tools at both local and enterprise levels. You will collaborate closely with Managers, Technology Engineers, Architects, and Threat Analysts to deliver exceptional security services to our clients. This in-office position is dedicated exclusively to a single client account and requires flexibility to rotate through day, mid, and night shifts as part of our 24/7 support team.
How You'll Make an Impact
Perform duties within a geographically dispersed team, ensuring situational awareness and keeping local team members informed and up-to-date
Perform security monitoring and incident response activities across client networks using various tools and techniques
Detect incidents through proactive “hunting” across security-relevant data sets using multiple tools and technologies
Thoroughly document incident response analysis activities
Review investigations conducted by junior analysts to ensure quality standards
Develop new, repeatable methods for identifying malicious activity across networks
Recommend enhancements to detection and protection capabilities; propose updates to Standard Operating Procedures (SOPs)
Present technical topics to both technical and non-technical audiences
Develop and follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of information security incidents
Prioritize multiple high-priority tasks and formulate responses with recommendations to customers and team members in a fast-paced environment
Continually develop new technical skills; push to expand and improve overall team capabilities, engage with and mentor other team members
Demonstrate understanding of attack methodologies, malware analysis, malicious toolkits, and how those may manifest across various environments and security technologies
Understand complex adversary emulation concepts
Support advanced use case design for insider threats, operational, threat detection, and response
Review defensive and detective controls to reduce client attack surface
What We're Looking For
6+ years operational experience assessing, reviewing, and remediating cybersecurity vulnerabilities and risks
Knowledge of cybersecurity threats and risks associated with third-party software vulnerabilities, vendor computing environments, end user systems, and network and server technologies
Experience with CVE’s, CVSS scores, and understanding of compensating controls and mitigating factors
Familiarity with Information Security frameworks, guidelines, and best practices
Strong working knowledge of Windows and/or Linux operating systems
Expertise in cybersecurity controls, Security Event and Information Management (SIEM - Splunk & QRadar) and Endpoint Detection and Response (EDR - CrowdStrike) technologies, and experience with Security Orchestration, Automation, and Response (SOAR - Palo Alto Cortex) platforms.
Ability to interact professionally with personnel at all levels
Excellent problem-solving and analytical skills; passion for data analysis
Team player, able to collaborate with local and remote team members to support uninterrupted mission operations
Expertise in the cyber threat landscape; in depth knowledge of current adversarial tactics and techniques; a thorough understanding of the security controls and/or telemetry data available to detect malicious activity; well-versed in cyber security incident response terminology and best practices
Ability to support moderate to complex cyber investigations using multiple tools (including endpoints, User and Entity Behavior Analytics (UEBA), public cloud, Software as a Service (SaaS), and packet analysis)
Experience conducting threat response activities such as quarantining hosts and other common response playbook measures
Ability to apply threat intelligence to improve detection and response capabilities
Extensive experience with alert triage and endpoint investigations using EDR
Experience performing malware detection and analysis procedures (does not include reverse engineering)
Expertise in MITRE ATT&CK framework and common attack tactics used by threat actors
Ability to recommend tuning of security alerts, tools, and use cases to enhance detection accuracy and reduce false positives
Knowledge of AWS, Azure, and cloud technologies
Basic fraud and insider threat investigation skills
Proficient in writing and speaking English; must possess professional communication skills, verbal and written, for meetings with client leadership
The role requires to support in 24/7 shifts, preferrable US hours.
This position requires reporting to the Bangalore office during shift working hours throughout the week
.
What you can expect from Optiv
A company committed to our inclusive value through our
Employee Resource Groups
Work/life balance
Professional training resources
Creative problem-solving and the ability to tackle unique, complex projects
Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy.
By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our
Applicant Privacy Notice
. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
