Cybersecurity Analyst

Role Overview

Unisys is seeking a motivated Cybersecurity Analyst to join their team in Bengaluru/Bangalore. This role is crucial for maintaining the security posture of client environments by monitoring, analyzing, and responding to security threats. The successful candidate will play a key part in proactive threat hunting, incident response, and ensuring the health of security systems.

Key Responsibilities

• Monitor and analyze security alerts from Google SecOps SIEM, utilizing UDM Search to identify suspicious activities and potential compromises. Escalate issues as needed.
• Conduct proactive threat hunting using Chronicle search, threat intelligence feeds, and entity correlation techniques.
• Support the ingestion and normalization of logs using SecOps ingestion tools, including Forwarder, Collector, Ingestion APIs, and UDM-based parsers.
• Monitor the health of the ingestion pipeline by validating telemetry flow from various sources.
• Utilize SIEM Dashboards to track UDM event ingestion metrics, detection volumes, alert counts, IOC activity, and ingestion issues to identify performance degradations.
• Continuously track threat intelligence enrichment performance to ensure accurate application of indicators and context to alerts.
• Provide input for SOAR playbooks to automate common response workflows and reduce analyst workload.
• Actively monitor the security alerts queue and triage incoming security alerts.
• Monitor the health of customer security sensors and SIEM infrastructure.
• Collect data and context necessary to initiate Level 2 escalations.
• Investigate, document, and report on security threat issues and emerging trends.
• Coordinate the containment and eradication of malicious activities with internal and external parties.
• Notify appropriate business stakeholders of serious security events and implement security improvements by assessing current situations, evaluating market trends, and anticipating requirements.
• Collaborate with Senior Analyst SOC Operations for monitoring and analyzing logs from various security/industrial appliances using the SIEM tool.
• Perform log monitoring and incident analysis for devices such as Firewalls, IDS, IPS, Windows Servers, and Web servers.
• Track and report configuration changes on routers, switches, and firewalls using the SIEM tool.
• Identify and report potential security threats or violations of security policies to the Information Security Manager.
• Demonstrate an understanding of security threats, attack scenarios, analysis techniques, and intrusion detection.
• Prioritize security incidents based on environmental awareness and global intelligence. Classify incidents by policy and regulatory scope, and manage configuration status including active services and patch levels.
• Send security alert messages on newly discovered vulnerabilities to the concerned security team and respective customers promptly.
• Escalate and coordinate with other domains for unresolved incidents.
• Perform security event monitoring in 24/7 rotational shifts.
• Willingness to work in 24/7 rotational shifts, including night shifts and weekends.

Qualifications and Skills

• Bachelor's degree in computer science, engineering, or a technology-related field, or equivalent practical experience.
• Minimum of 1-3 years of experience in the security domain, with exposure to SIEM tools.
• Hands-on experience with SIEM/SOAR platforms; Google SecOps/Chronicle experience is preferred.
• Experience performing threat intelligence enrichment using sources such as Google Threat Intelligence, Mandiant, and VirusTotal.
• Solid understanding of network and security fundamentals, and common Internet protocols, including DNS, HTTP, HTTPS/TLS, and SMTP.
• High energy levels and a quick learning ability.
• Strong analytical skills and the ability to think outside the box.
• Good communication skills with a positive attitude.
• Willingness to learn new technology platforms.
• Knowledge and experience in Python and PowerShell scripting are considered an added advantage.
• Certifications in Google Security Operation Engineer are a plus.

About Unisys

Unisys is committed to fostering an inclusive and diverse workplace. As an equal opportunity employer, Unisys considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status, or any other category protected by law. Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. Unisys strives to provide opportunities for all interested individuals to participate without barriers. For US job seekers requiring assistance or seeking reasonable accommodation, please contact the Global Recruiting organization at [HIDDEN TEXT]. More information about Unisys' EEO commitment can be found here.