Security Analyst - SOC
Job Title: Security Analyst, SOC
Reporting Structure: Reports to Director, Security Operations Centre
Summary of Position:
Assume primary responsibilities for security operations (Security Monitoring, Alerts handling, Systems and Network Compliance, Vulnerability Life Cycle Management).
List 3 to 6 key responsibilities of the job
1. Responsible for handling all security alerts – Review the alerts and handle them as per the process. This involves working with different groups and ensuring that all the alerts are closed in a timely manner. This position also contributes to the process improvements.
2. Responsible for patch management process – This involves a) Performing security impact analysis for the patches and vulnerabilities published by vendors and other security research sites for different platforms (Operating Systems, Web Servers and Network devices) b) Defining priority for the patch rollout c) Ensuring that the patches are rolled out in a timely manner d) Scanning the systems and other platforms to validate that the patches are applied and following up with various teams to address any gaps
3. Responsible for Vulnerability Management Process – This involves a) Ensuring that vulnerability scans are run at scheduled time b) Scan results are analysed in a timely manner c) Categorizing the vulnerabilities as per defined process d) Fixes are applied as per the vulnerability policy e) Tracking the open issues and following up with different teams to address the open issues.
4. Security Log Analysis – Monitor and analyze the logs from various security tools – Any events that need to be correlated from a security perspective are to be researched and submitted to the tools team for alert development
5. Compile Security Metrics - Automate management reports based on information generated from different security tools – Compile security metrics and efficiency metrics for management review.
6. Assist in providing requirements for new and existing security systems, tools, and applications
7. Collaborate with different groups to ensure that their requirements and new initiatives adhere to information security policies and best practices
8. Perform device reviews to ensure compliance with hardening standards, access controls and security related configuration settings
9. Prepare security documentation including security procedures, standards, notifications and alerts in support of other Information Security teams within the Yodlee Security department.
10. Assist in writing best practice procedures for the following services: Incident analysis, Incident response coordination, security audits or assessments, certificate authority, log analysis & diagnostics, and host vulnerability scanning
3 to 5 years’ experience working as a hands-on system, network or security administrator in a support role. Experience should include handling projects in an independent capacity and with extensive cross-functional co-ordination.
Experience in handling security projects is required. The interview process will include a technical competency assessment of security knowledge, including both concepts and their application to typical scenarios.