Information Security Analyst(Splunk with 5-10 years of experience)
- Bangalore, India
Sr. Information Security Analyst
The Threat Management Detection Content Management team is dedicated to building threat detection capabilities to protect VMware's information assets. We leverage the latest technologies and correlate multiple telemetry points in order to create high-quality alerting for security analytics. Guided by the latest in threat research and intelligence, our team is at the cutting edge of threat detection.
As a Security Analyst on the Detection Content Management team, you will be responsible for the operationalization of new security platforms in order to enable our Security Operations Center to stay ahead of emerging and current threats. You'll utilize data analytics, threat intelligence, and your experience to leverage new and existing technologies to build the use cases that drive our security analytics and incident response. You'll get hands-on with new and exciting technologies to help drive the direction of our security capabilities.
If the above information excites and motivates you, we want to hear from you! Please read on and apply today.
This position is responsible for:
- Development of use cases and alerting for Security Operations from our Security platforms and tools.
- Communication and collaboration with the Security Operations team for alert development and improvement.
- Proactively reviewing and operationalizing threat intelligence in order to create alerting to detect techniques, tactics, and procedures employed by threat actors.
- Planning and execution of exercises to test monitoring capabilities.
- Daily tracking of security metrics and telemetry to drive alerting capabilities.
- Participation in threat modeling exercises for applications and services in our enterprise.
- Reviewing and updating logging requirements and utilization.
- Responding to tickets, email, and telephone requests.
- Developing and maintaining security monitoring and response processes.
- Participating in evaluation, implementation, and troubleshooting of security tools for the Security Operations Center (SOC) team.
- Tracking, reporting, and controlling incident communications with other teams.
- Providing feedback on effectiveness of threat intelligence platform and data feeds.
- Maintaining current knowledge and understanding of the threat landscape and emerging security threats.
- Thorough and accurate reporting of project statuses and timelines.
- Maintaining a high level of confidentiality.
Required skills and experience:
- 5-8 years of experience working in a Security Operations Center (SOC).
- Strong understanding of Security Operations Center (SOC) and Incident Response practices and methodologies.
- Strong understanding of cloud computing and security issues related to cloud environments.
- A solid understanding of security monitoring and response capabilities on cloud platforms.
- Expertise using SIEM products (Splunk Enterprise, Elastic Stack).
- Experience with endpoint security analysis on Windows, Mac, and Linux event data and related tools.
- Expert technical knowledge of Internet security and networking protocols.
- Understanding of security technologies, including UEBA, SIEM, IDS/IPS, firewalls, endpoint security, content filtering, and packet inspection.
- Strong analytical skills and ability to identify advanced threats.
- Scripting skills such as Python, Perl, RegEx, Splunk Query Language.
- Ability to interact effectively at all levels of an organization, across diverse cultural and linguistic barriers, and as part of a geographically distributed team.
- Ability to collaborate effectively as part of a team and work independently with minimal supervision.
- Ability to quickly adapt as the external environment and organization evolves.
- Ability to prioritize projects and deliverables.
- Comfortable facing new challenges and changes in direction.
- Self-motivated, team player, and detail oriented.
- Positive and constructive attitude.
- Excellent written and verbal communications.
- Availability outside working hours for high priority events.
- Bachelor's degree or equivalent experience.
- Certified Splunk Power User.
- GCIA, GCIH, GCDA, OSCP certifications.
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.