Vectra AI (posted 1 day ago on Naukri)

Security Analyst

Bengaluru
Mid Level


Full Job Description

Join Vectra AI's MXDR team in Bengaluru as a Security Analyst. In this critical, customer-facing role, you will leverage your expertise in cyber threats, attacker behavior, and investigation techniques to analyze and interpret real-world attacks affecting our clients. Your responsibilities will include investigating suspicious activity, correlating indicators across diverse data sources, identifying attacker tactics and lateral movement, and communicating findings clearly and actionably to customers. You will actively monitor, triage, investigate, and respond to security events across customer environments using the Vectra platform, integrated EDR technologies, and other essential security tools.

This position demands strong analytical thinking, effective communication skills, and a robust understanding of modern attack techniques and enterprise environments. You will be instrumental in helping customers differentiate between benign and malicious activity, prioritizing threats based on risk and impact, and providing guidance during active investigations and incident response situations. By utilizing Vectra's AI-driven detections and telemetry, you will contribute to safeguarding customer environments against advanced threats while continuously enhancing operational detection and response capabilities.

This is a highly technical role requiring deep knowledge of networking, operating systems, and security operations principles. Successful candidates will be adept at analyzing alerts, validating threats, investigating attacker activity, and navigating complex customer environments. Outside of active customer investigations, you will contribute to operational improvement initiatives, detection tuning, threat research, playbook development, and knowledge-sharing activities to strengthen both the team and customer outcomes.

Key responsibilities include:
- Monitoring, triaging, and investigating security alerts and suspicious activity across customer environments.
- Analyzing attacker behavior, lateral movement, privilege escalation, and indicators of compromise using Vectra and integrated security tools.
- Providing customers with timely, clear, and actionable recommendations during security investigations and active incidents.
- Escalating confirmed threats and coordinating with customer security teams during incident response activities.
- Assisting customers in understanding detections, threat prioritization, and remediation guidance.
- Leveraging EDR, network telemetry, and security tooling to validate and investigate potential threats.
- Contributing to detection tuning, operational process improvement, and threat-hunting activities.
- Documenting investigations, findings, recommendations, and lessons learned professionally.
- Collaborating with internal teams to improve detection coverage, operational workflows, and customer experience.
- Acting as a strong advocate for customer security outcomes and operational excellence.
- Pursuing ongoing security research and staying current on emerging threats, attacker techniques, and industry trends.

Travel is expected at 0-10%.

Essential qualifications include:
- Experience in a SOC, MDR, incident response, threat hunting, or security operations environment.
- Strong analytical and investigative skills, with the ability to assess and prioritize security events.
- Experience communicating technical findings and security risks to diverse audiences.
- Ability to work independently in fast-paced operational environments and adapt to changing priorities.
- Excellent written communication, documentation, and organizational skills.
- Experience collaborating across cross-functional teams in customer-facing or operational roles.

Technical essentials include:
- A good understanding of security technologies such as EDR, SIEM, NDR, firewalls, and endpoint security platforms.
- Experience with EDR tools including CrowdStrike, Microsoft Defender for Endpoint (MDE), and SentinelOne.
- A good understanding of security product lines (firewalls, sandboxing, SIEM, forensics-type platforms).
- Understanding of network protocols such as TCP/IP, DHCP, DNS, NAT, VPN, PKI, RADIUS, etc.
- A good understanding of the SQL query language.
- Proficiency with packet capture tools, PCAPs, and their analysis.
- Familiarity with attacker tactics, techniques, and procedures (TTPs), including lateral movement and credential abuse.

Impressive additional experience includes:
- Familiarity with Active Directory, Entra ID, LDAP, VPNs, firewalls, and enterprise identity environments.
- Understanding of cloud security concepts in AWS and/or Azure environments.
- Experience with threat hunting methodologies and incident response processes.
- Scripting or automation skills (Python or PowerShell), which are a plus.

Relevant industry certifications such as GCIA, GCIH, GCFA, CySA+, Security+, or similar are also beneficial.

Company

Vectra AI

Vectra AI is a leading cybersecurity company specializing in delivering AI-driven threat detection and response solutions. Their platform empowers organizations to identify and stop advanced cyberatta...
