
SOC Analyst - Bengaluru/Bangalore - McAfee


Job Description

Role Overview:
We are looking for a passionate security operations center (SOC) analyst who is strongly committed to analyzing security events in order to identify security incidents and minimize their impact. The SOC analyst will work as part of McAfee's Cyber Security Fusion Center and will report to the SOC Manager. The analyst will use various defense tools to conduct analysis, help strengthen security controls, and work with cross-functional teams in information technology (IT) and information security engineering, taking a customer-oriented approach to ensure that a secure workspace is provided to McAfee's workforce.

As part of this role, you are expected to:

  • Characterize and analyze network traffic, logs and endpoint activity to identify anomalies and malicious or potential threats to McAfee's assets; perform event correlation using information gathered from a variety of sources (network and endpoint logs) to gain situational awareness and to detect, confirm, contain, remediate, and recover from attacks.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information; Determine tactics, techniques, and procedures (TTPs) for intrusions.
  • Isolate and remove malware; reconstruct a malicious attack or activity based on malicious samples seen on endpoints, in phishing emails or in network traffic; perform root cause analysis.
  • Develop content for cyber defense tools; Assist in the construction of signatures or indicators of compromise (IOCs) which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
  • Notify SOC managers and cyber incident responders of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the cyber incident response plan and procedures.
  • Exercise a user-oriented approach while handling security incidents to ensure that user impact is minimized as much as possible and the situation is well articulated to users.
  • Document ongoing incidents and after-action reports, and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
  • Work with cross-functional teams to resolve computer security incidents and vulnerability compliance.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Support Incident Response efforts - evidence collection, documentation, communications, and reporting.
  • Responsible for the enforcement of corporate information security policies to protect McAfee's information assets and intellectual property.
  • Lead or contribute to security risk assessments that determine threats, consequences, and vulnerabilities to key assets, products, and services.
  • Recommend and drive additional security controls to meet current and future needs.

About You

Must have minimum 2 years of experience with the following:

  • Exercising solid critical thinking and analytical skills
  • Application of cybersecurity principles and risk management basics
  • Collaborating with multiple teams to drive improvements and resolutions
  • Log correlation among network defense tools and endpoint security technologies

We believe an ideal candidate will also be able to show that they have:

  • Taken initiatives to drive improvements for security technologies and processes
  • Working knowledge of the Security Operation Center (SOC) & the Information Security Common Body of Knowledge and best practices
  • A good understanding of recent cyber risks and threats, and a desire to remain aware of them
  • Preferred certifications: GCIH, GCFA, CEH, Network+, Security+ or equivalent industry standard certifications

Job Classification

Industry: IT-Software, Software Services
Functional Area: IT Software - Network Administration, Security,
Role Category: Admin/Maintenance/Security/Datawarehousing
Role: Admin/Maintenance/Security/Datawarehousing
Employment Type: Full time

Education

Under Graduation: B.Tech/B.E. in Computers
Post Graduation: Post Graduation Not Required
Doctorate: Doctorate Not Required

Contact Details:

Company: McAfee Software India
Location(s): Bengaluru



Keyskills: endpoint security, cyber security, Networking, Information security, Intellectual property, Vulnerability, SOC Analyst, Risk management, Security operations, Information technology


₹ Not Disclosed

McAfee

McAfee Software (India) Pvt. Ltd