Senior Analyst - Incident Response
Full Job Description
We are seeking a Senior Analyst - Incident Response to join our team in Bengaluru, Karnataka, India. In this role, you will be instrumental in safeguarding our digital assets and responding effectively to security incidents. Your responsibilities will include monitoring and triaging security alerts from Security Operations Center (SOC) tools, conducting in-depth incident investigations from detection through recovery, and performing timeline analysis in EDR tools such as CrowdStrike to reconstruct the attack vector and identify impacted systems. You will use Splunk for log analysis and threat detection, and analyze email headers to identify phishing and spoofing. Key incident types you will investigate include data exfiltration, financial fraud, zero-day threats, and copyright infringement. You will assess incident impact, document findings, and collaborate with IT, Cloud, and Network teams on remediation. A critical part of this role is contributing to the improvement of IR playbooks and SOC processes and ensuring that incident documentation is accurate and timely.
Key Responsibilities:
- Monitor and triage security alerts from SOC tools and escalate incidents.
- Perform end-to-end incident investigation and response (detection, containment, eradication, recovery).
- Conduct timeline analysis using EDR tools (CrowdStrike) to identify the attack vector and impacted systems.
- Analyze logs and create queries in Splunk (SIEM) for threat detection and correlation.
- Perform email header analysis for phishing, spoofing, and email-based threats.
- Investigate incidents involving data exfiltration, financial fraud, zero-day threats, and copyright infringement.
- Assess incident impact, severity, and business risk.
- Document incidents with clear evidence, findings, and recommendations.
- Collaborate with IT, Cloud, and Network teams for remediation and recovery.
- Contribute to improving IR playbooks and SOC processes.
- Maintain accurate and timely incident documentation within incident management systems.
Required Skills:
- EDR: CrowdStrike (event timeline analysis, Real Time Response (RTR) experience)
- SIEM: Splunk (log analysis, query writing)
- Cloud Security: AWS, Azure, Microsoft 365 (O365) log analysis
- Email Security: Email header and phishing analysis
- Networking: DNS, DHCP, OSI model, TCP/IP
- Security Tools: Firewalls, IDS/IPS, WAF, Proxy
- Frameworks: Cyber Kill Chain / MITRE ATT&CK
Preferred Certifications: CEH, GCIH, GCIA, Security+, CCNA, and exposure to threat intelligence platforms.
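As an added illustration of the email header analysis this role asks for (example code written for this page, not part of the job posting or any Dover tooling), the script below triages a single raw message the way an IR analyst would on first look: it reads the Authentication-Results header for the SPF, DKIM and DMARC verdicts, checks whether the envelope sender (Return-Path) and Reply-To domains align with the visible From domain, and walks the Received chain from the first hop outward. The sample message and every domain and IP address in it are constructed placeholders.

```python
"""Triage an email's headers for phishing and spoofing indicators.

Added example for illustration; not code from the job posting.
The message below is constructed and all domains/IPs are placeholders.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: the From domain claims to be a finance domain, but the
# envelope sender, Reply-To and the first hop all point elsewhere, and the
# receiving MTA recorded SPF/DKIM/DMARC failures.
RAW_MESSAGE = b"""Return-Path: <bounce@mailer.example.net>
Received: from mx1.example.com (mx1.example.com [192.0.2.10])
\tby mail.example.org with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:05 +0000
Received: from unknown (HELO finance-example.com) (198.51.100.7)
\tby mx1.example.com with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mail.example.org;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none header.d=;
\tdmarc=fail header.from=finance-example.com
From: "CFO" <cfo@finance-example.com>
Reply-To: cfo.payments@freemail.example
To: ap@example.org
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

# Matches the mechanism=verdict pairs in an Authentication-Results header.
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def domain_of(header):
    """Return the lower-cased domain of the first address in a header, or ''."""
    if header is None:
        return ""
    _, addr = parseaddr(str(header))
    return addr.rpartition("@")[2].lower()


def parse_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from all Authentication-Results headers."""
    results = {}
    for ar in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(str(ar)):
            results[mech.lower()] = verdict.lower()
    return results


def received_hops(msg):
    """Received headers are prepended by each MTA, so reverse them to get
    the path in delivery order (first hop first), with whitespace normalised."""
    return [" ".join(str(h).split()) for h in reversed(msg.get_all("Received", []))]


def analyze(raw):
    """Parse a raw message and return the indicators an analyst would check."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    reply_to_domain = domain_of(msg["Reply-To"])
    auth = parse_auth_results(msg)
    hops = received_hops(msg)

    findings = []
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"envelope sender domain {return_path_domain} differs from From domain {from_domain}")
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"Reply-To domain {reply_to_domain} differs from From domain {from_domain}")
    for mech in ("spf", "dkim", "dmarc"):
        verdict = auth.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    # An originating MTA with no reverse DNS is worth a closer look.
    if hops and hops[0].startswith("from unknown"):
        findings.append("first hop has no reverse DNS")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "auth": auth,
        "hops": hops,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    result = analyze(RAW_MESSAGE)
    print("suspicious:", result["suspicious"])
    for f in result["findings"]:
        print(" -", f)
    for i, hop in enumerate(result["hops"], 1):
        print(f"hop {i}: {hop}")
```

The Authentication-Results header is only trustworthy when it was written by your own receiving MTA (the authserv-id, here `mail.example.org`), so in practice the parser should also check that value before relying on the verdicts; attackers can and do inject forged Authentication-Results headers upstream.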
Required Experience:
- Total Experience: 5 Years
- SOC Monitoring: 2–3 Years
- Incident Response: 4 Years
Company
Dover India
Dover is a leading diversified global manufacturer with annual revenues exceeding $7 billion. We specialize in delivering innovative equipment, components, specialty systems, consumable supplies, soft...