Cyber Security Analyst, Managed Detection & Response, Data & Technology

Ankura

Ankura is a team of excellence founded on innovation and growth.

This position supports the Data & Technology practice - one of seven practices focused on client delivery services across the Firm. 

Cybersecurity Analysts are the first line of defense at our Security Operations Center (SOC). The Cyber Security Analyst is an associate level role that provides expert Network and Endpoint Security analysis for Ankura's portfolio of clients in a 24x7 operational setup. Analysts actively review alerts and behaviors reported from a variety of security platforms and conduct the deeper investigation of events and other data elements for possible threats and engage in Incident Response. Analysts make determinations of threat potential from network and host events, build an understanding of risk, and help Ankura and its clients understand those risks as well as mitigation strategies.

Location: Conditional Remote / Gurgaon
Hours: 40 hours a week
Reporting into: Assistant Manager - Cybersecurity

About Us:

Ankura: Ankura Consulting Group is recognized as one of the five fastest-growing consulting companies, with 1,500 employees across 32 offices on 4 continents. The Company provides expert witness, bankruptcy and corporate restructuring, litigation support, forensic accounting, geopolitical risk assessment, and general management consulting services to its clients. Ankura Consulting Group is headquartered in Washington, USA.

Practice: The Managed Data Protection Services is part of the Global Cyber Security and Privacy vertical.

Responsibilities:

Duties include continuous monitoring of Security Information and Event Management (SIEM) and related platforms for correlated events and alerts, and working with the client to take action. Analysts leverage events to determine the impact, document possible causes and provide useful information to clients. A deep understanding of various commercial and open source network sensors, intrusion detection systems and event log correlation engines is required. Analysts are expected to deliver enhanced threat awareness and knowledge through research and continuous improvement of use cases, signatures, and metrics. Analysts are also expected to maintain open communication and visibility with their team members, Senior Analysts, Directors, and Clients.

Usually employees will be permitted to work remotely in the current operational setup; however, that setup may change based on company and/or business needs, with or without notice. Remote work may also be considered a conditional privilege, as employees are personally responsible for maintaining uninterrupted availability and communication via all official channels throughout their designated shifts. If an employee's performance cannot be satisfactorily ascertained by their manager, or the employee is unable to work without disturbance, they may be called upon to work out of the company's office.

Required Skills:

Capabilities

  • Preferred to have some formal training or experience in delivering Managed Security or Managed Detection and Response Services.
  • Preferred to have a sound understanding and up to date knowledge of common security threats, attack vectors, vulnerabilities, exploits, and Network Architecture / Protocols (such as OSI, TCP/IP, P2P, etc.) and Packet Analysis.
  • Preferred to have hands-on experience correlating and analyzing information from a wide variety of enterprise technologies, including but not limited to SIEM, UEBA, ETDR, IDS, IPS, Proxy, Firewall, DLP, and other threat intelligence tools, for anomalous activity and items of interest.
  • Preferred to have the necessary experience to conduct initial triage of security events and incidents; determine the priority, criticality, and impact; facilitate communication within the SOC, escalate to the client for containment and remediation, and document/journal progress throughout the Incident Response Lifecycle within the respective service level objectives.
  • Experience conducting research, analysis and data gathering, and presenting the findings in a report format.
  • Should be able to develop/follow standard processes and complete documentation as needed.
  • Should be detail-oriented and able to work independently and communicate effectively both verbally and in writing.
  • Must be flexible enough to work in a 24x7 rotational shift setup, including overnight, weekend, and national holidays.

Individual & TEAMWORK

  • Must be able to effortlessly switch between independent and team-based work
  • Understands that the work product is dependent on team efforts and remains responsive to internal and external deadlines
  • Able to share expertise and experience with team members to encourage growth and shared success
  • Able to maintain focus and attention to detail for sustained periods of time
  • Engaged in supporting development and growth of all team members

COMMUNICATION

  • Comfortable working in a remote work environment, including web-based team management and collaboration applications and timekeeping systems, e.g. Slack, Microsoft Teams, Intapp, Workday.
  • Ability to communicate complex ideas effectively, both verbally and in writing in English and the local office language(s)
  • Able to provide reports showing progress or achievement of assigned goals and responsibilities as required.
  • Must be an active listener and ask questions of others when clarity is needed
  • Ability to gain an understanding of client needs and apply analytical reasoning
  • Demonstrates proactive engagement in meetings and process discussions

TECHNICAL:

  • Elastic, Logstash, Kibana.
  • Traditional SIEM ArcSight ESM.
  • Lucene, Python, and/or other similar programming/query/scripting languages
  • Emerging SIEM such as SNYPR, Exabeam, Empow.
  • Snort / Suricata / Zeek / Wireshark.
  • Endpoint awareness for Carbon Black, CrowdStrike, Cylance, Cybereason.
  • Security platforms such as Proofpoint, BlueCoat.
  • Open source frameworks like Security Onion.

GROWTH MINDSET

  • Can receive and provide feedback in a constructive manner that leads to the growth of self and others.
  • Displays perseverance of effort and passion for a long-term goal and end state.
  • Works well under timelines and puts in extra effort as required to meet timelines.
  • Self-motivated to identify areas for team & process improvement and collaborate with others to develop creative solutions.

Leadership traits

  • Willing to adapt leadership skills to support larger and more complex projects.
  • Work product for self and team is consistently of excellent quality and efficiency.
  • Respectful and professional in all interactions with team members, clients, and other professionals.
  • Maintains composure and calm disposition under high-pressure or stressful circumstances.

Education, Training & certifications

  • Preferred to have a degree in CS/IT with relevant security certifications or a Diploma in the field of IT Security from specialized schools like CDAC.

Key Performance indicators

  • Analyze client network for threats using analytical platforms for event monitoring such as NSM, SIEM, UEBA, ETDR.
  • Deliver client reports based on analysis that are timely, high quality, and accurate.
  • Understand and support incident response and triage
  • Improve reporting to avoid ‘analysis paralysis’.
  • Develop new skills within analytical platforms
  • Client satisfaction and becoming a client lead analyst.

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters: if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.
