Sr. Analyst - MDR | On-site, Bangalore

As a Senior SOC-MDR Analyst, you will provide deep-level analysis for security investigations using a wide range of customer-provided data sources, audit, and monitoring tools at both local and enterprise levels. You will collaborate closely with Managers, Technology Engineers, Architects, and Threat Analysts to deliver exceptional security services to our clients. This in-office position is dedicated exclusively to a single client account and requires flexibility to rotate through day, mid, and night shifts as part of our 24/7 support team.

How You'll Make an Impact

• Perform duties within a geographically dispersed team, ensuring situational awareness and keeping local team members informed and up-to-date
• Perform security monitoring and incident response activities across client networks using various tools and techniques
• Detect incidents through proactive "hunting" across security-relevant data sets using multiple tools and technologies
• Thoroughly document incident response analysis activities
• Review investigations conducted by junior analysts to ensure quality standards
• Develop new, repeatable methods for identifying malicious activity across networks
• Recommend enhancements to detection and protection capabilities; propose updates to Standard Operating Procedures (SOPs)
• Present technical topics to both technical and non-technical audiences
• Develop and follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of information security incidents
• Prioritize multiple high-priority tasks and formulate responses with recommendations to customers and team members in a fast-paced environment
• Continually develop new technical skills; push to expand and improve overall team capabilities, engage with and mentor other team members
• Demonstrate understanding of attack methodologies, malware analysis, malicious toolkits, and how those may manifest across various environments and security technologies
• Understand complex adversary emulation concepts
• Support advanced use case design for insider threats, operational, threat detection, and response
• Review defensive and detective controls to reduce client attack surface

• 6+ years operational experience assessing, reviewing, and remediating cybersecurity vulnerabilities and risks
• Knowledge of cybersecurity threats and risks associated with third-party software vulnerabilities, vendor computing environments, end user systems, and network and server technologies
• Experience with CVE's, CVSS scores, and understanding of compensating controls and mitigating factors
• Familiarity with Information Security frameworks, guidelines, and best practices
• Strong working knowledge of Windows and/or Linux operating systems
• Expertise in cybersecurity controls, Security Event and Information Management (SIEM - Splunk & Qradar) and Endpoint Detection and Response (EDR - CrowdStrike) technologies, and experience with Security Orchestration, Automation, and Response (SOAR - Palo Alto Cortex) platforms.
• Ability to interact professionally with personnel at all levels
• Excellent problem-solving and analytical skills; passion for data analysis
• Team player, able to collaborate with local and remote team members to support uninterrupted mission operations
• Expertise in the cyber threat landscape; in depth knowledge of current adversarial tactics and techniques; a thorough understanding of the security controls and/or telemetry data available to detect malicious activity; well-versed in cyber security incident response terminology and best practices
• Ability to support moderate to complex cyber investigations using multiple tools (including endpoints, User and Entity Behavior Analytics (UEBA), public cloud, Software as a Service (SaaS), and packet analysis)
• Experience conducting threat response activities such as quarantining hosts and other common response playbook measures
• Ability to apply threat intelligence to improve detection and response capabilities
• Extensive experience with alert triage and endpoint investigations using EDR
• Experience performing malware detection and analysis procedures (does not include reverse engineering)
• Expertise in MITRE ATT&CK framework and common attack tactics used by threat actors
• Ability to recommend tuning of security alerts, tools, and use cases to enhance detection accuracy and reduce false positives
• Knowledge of AWS, Azure, and cloud technologies
• Basic fraud and insider threat investigation skills
• Proficient in writing and speaking English; must possess professional communication skills, verbal and written, for meetings with client leadership
• The role requires to support in 24/7 shifts, preferrable US hours.
• This position requires reporting to the Bangalore office during shift working hours throughout the week.

• A company committed to our inclusive value through our Employee Resource Groups
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)