Security Analyst I (Bengaluru)

Position Summary:

This role is 100% onsite in Bengaluru. The shift for this position is Monday Friday 7:30AM 3:30 PM.

Deepwatch is looking for a highly motivated selfdriven technical analyst dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. The Deepwatch Squad and Security Operations Center offers opportunities to expand your skill set through a wide variety of experiences detecting and responding to incidents as they occur in realtime for our customers.

The Deepwatch squad is a unique approach to how we support our customers and ultimately provide an experience not found anywhere else. Youll be an integral part of supporting our customers by understanding their bespoke environment needs and challenges. You will be playing a key role in supporting some of the top organizations in the world and have the opportunity to develop your skills by working with the best responders in the industry your team and your Squad.

The Analyst I is focused on providing descriptive analysis. They will answer questions such as the who what when and where of events. Analysts are curious individuals who actively work to develop a better understanding of the environments they are assigned. Using cybersecurity best practices you will monitor and secure complex customer environments utilizing industry leading technology such as Splunk xSOAR CrowdStrike and more.

In this role youll get to:

• Support incident handling processes across multiple platforms and security technologies including Windows Linux and macOS
• Monitor a queue of security events generated by the Deepwatch platform SOAR triage events based on their criticality and escalate validated security events to customers
• Document and manage incident cases in our case management system
• Keep uptodate with information security news techniques and trends
• Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
• Become proficient with Splunk ServiceNow and other thirdparty threat intelligence tools as required
• Perform security detection analysis and investigations using SIEM and SOAR technologies leverage Deepwatch proprietary tooling and intelligence and maintain SLAs
• Act as the first line of defense during security events by triaging and investigating alerts within a customers environment
• Produce highquality written and verbal communications recommendations and findings to customer management in a timely manner
• Continue to sharpen your skills and capabilities on the job and through the Deepwatch development program

To be successful in this role youll need to:

• A basic understanding of cyber security principles concepts and practice with a focus on SOC operations alert triage and investigations
• Know your way around SIEM platforms (Splunk preferred) how to perform queries and leverage various log sources to perform investigations
• Articulate the process involved in pivoting to other log sources cloud systems or consoles to perform a comprehensive analysis from multiple data sources
• Have a basic understanding of modern EDR email security and cloud identity platforms
• Review SIEM alerts and make a determination for what other sources or intelligence is needed to make a determination relying on peers to help improve your skills and capabilities
• A strong understanding of all basic ports and protocols
• Familiarity with Windows Mac and Linux file path structure.
• Familiarity with OSINT TTPs and IOCs
• Strong written and verbal communication skills with the ability to produce wellwritten reports and analysis thats thorough accurate and complete.
• Provide the customer with a complete understanding of the investigation
• CEH CySA GSEC Sec or equivalent certification preferred
• A college degree in Information Security or IT related training certifications or onthejob experience