Job Title:  Senior Support Analyst

Job Code:  3670
Country:  IN
City:  Mumbai
Skill Category:  IT\Technology
Description: 

Department Overview

Nomura’s Threat Management Function is searching for a Detection Engineering Lead to lead a growing team of detection engineers and take the firm’s detection capabilities to the next level. The mission of Threat Detection is to proactively detect and identify breach attempts by threat actors.

The candidate will build and own solutions to quickly identify threats and build detective countermeasures. The candidate will be proficient at writing detections at scale using a detection-as-code approach for a wide range of systems leveraging version control, automated workflows, and test driven development.

The candidate will be a member of the Threat Management function, supporting regional security projects, as well as collaborating with the SOC, Threat hunting teams, Threat Intelligence, Purple Team and the security engineering teams.


Background:

An empathetic contributor with experience operating effectively across teams and disciplines in highly ambiguous, rapidly changing environments, who has successfully executed ambitious projects

  • Strong understanding of SIEM query languages (e.g. Splunk’s Search Processing Language, or queries over the Elastic Common Schema) with the ability to create advanced correlation searches and dashboards
  • Knowledge of cyber-attack stages (e.g. reconnaissance, scanning, enumeration, gaining access, privilege escalation, maintaining access) and/or the MITRE ATT&CK framework, and of general adversarial and defensive security techniques
  • Proficient at writing detections at scale using a detection-as-code approach for a wide range of systems, leveraging version control, automated workflows, and test-driven development
  • Experience with machine learning, SOAR, SIEM, data-lake security logging, UEBA and detection languages and schemas (YARA, Sigma, ECS), together with networking concepts, is important as you help to drive advanced analytics for risk prioritization
  • Identify predictive events and behaviors based on data
  • Evaluate existing SIEM queries, reports and dashboards to make recommendations on changes of events being monitored
  • Produce documentation that will help to educate and socialize program updates to our key stakeholders
  • Significant experience in security monitoring, log analysis and detection building from large datasets to automate incident detection and response processes
  • Experience in threat hunting: using threat intelligence to proactively and iteratively investigate potential risks and find suspicious behavior in the environment
  • Deep knowledge of attacker methodologies and techniques and the corresponding incident response methodologies
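The detection-as-code approach named above (the rule kept as versioned data, with its own positive and negative test vectors that an automated workflow runs on every change), as an added example in Python. This is not code from this posting or from Nomura: the rule, the Sysmon-style process-creation field names, the allow-listed vendor path and every event are constructed for illustration, and the evaluator supports only a small subset of Sigma's modifiers and condition shapes.

```python
"""Detection-as-code in miniature: a Sigma-style rule kept as data, a
small evaluator, and test vectors stored next to the rule so that a CI job
can fail the merge when an edit loses coverage or adds noise.
All rule content, field names and events are constructed for the example."""
from typing import Any, Callable, Dict, List

# Sigma-style field modifiers; a subset, case-insensitive like Sigma's defaults.
MODIFIERS: Dict[str, Callable[[str, str], bool]] = {
    "": lambda v, p: v.lower() == p.lower(),
    "contains": lambda v, p: p.lower() in v.lower(),
    "startswith": lambda v, p: v.lower().startswith(p.lower()),
    "endswith": lambda v, p: v.lower().endswith(p.lower()),
}

def field_matches(event: Dict[str, Any], key: str, patterns: Any) -> bool:
    """Evaluate one 'Field|modifier: value-or-list' entry. A list of values
    is an OR, as in Sigma; a field absent from the event never matches."""
    name, _, modifier = key.partition("|")
    value = event.get(name)
    if value is None:
        return False
    if not isinstance(patterns, list):
        patterns = [patterns]
    return any(MODIFIERS[modifier](str(value), str(p)) for p in patterns)

def block_matches(event: Dict[str, Any], block: Dict[str, Any]) -> bool:
    """Every entry of a selection/filter block must match (AND)."""
    return all(field_matches(event, k, v) for k, v in block.items())

def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Apply a rule to one event. Only the two most common condition shapes
    are supported; anything else is rejected rather than silently ignored."""
    det = rule["detection"]
    cond = " ".join(det["condition"].split())
    if cond == "selection":
        return block_matches(event, det["selection"])
    if cond == "selection and not filter":
        return block_matches(event, det["selection"]) and not block_matches(event, det["filter"])
    raise ValueError(f"unsupported condition: {det['condition']!r}")

def scan(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[int]:
    """Indices of the events that fire the rule."""
    return [i for i, e in enumerate(events) if evaluate(rule, e)]

def run_rule_tests(rule: Dict[str, Any]) -> List[str]:
    """Run the rule's own vectors; an empty list means it passed.
    Positive vectors must fire (coverage), negative vectors must not (noise)."""
    failures = []
    for i, ev in enumerate(rule["tests"]["must_alert"]):
        if not evaluate(rule, ev):
            failures.append(f"must_alert[{i}] did not fire")
    for i, ev in enumerate(rule["tests"]["must_not_alert"]):
        if evaluate(rule, ev):
            failures.append(f"must_not_alert[{i}] fired")
    return failures

# Constructed rule over Sysmon-style process-creation fields (hypothetical).
VENDOR = "C:\\Program Files\\Vendor\\Updater\\"  # hypothetical allow-listed tool path
RULE = {
    "title": "Office application spawning encoded PowerShell",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\outlook.exe"],
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc", " -e ", "-encodedcommand"],
        },
        "filter": {"Image|startswith": VENDOR},
        "condition": "selection and not filter",
    },
    # Test vectors are versioned with the rule; CI runs run_rule_tests on every change.
    "tests": {
        "must_alert": [
            {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
             "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
             "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
            {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
             "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
             "CommandLine": "pwsh.exe -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
        ],
        "must_not_alert": [
            {"ParentImage": "C:\\Windows\\explorer.exe",  # interactive user, not Office
             "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
             "CommandLine": "powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
            {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
             "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
             "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\macro_helper.ps1"},
            {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
             "Image": VENDOR + "pwsh.exe",  # allow-listed by the filter block
             "CommandLine": "pwsh.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
        ],
    },
}

if __name__ == "__main__":
    problems = run_rule_tests(RULE)
    print("PASS" if not problems else "FAIL: " + "; ".join(problems))
```

The point of keeping the vectors beside the rule is that a pull request which drops the filter block, or loosens the `CommandLine` patterns, fails its own tests before it reaches the SIEM. In a real repository the rule would be a YAML file converted to the target backend's query (Splunk, Elastic) by the Sigma tooling (sigma-cli/pySigma), and the same vectors would be replayed against the converted query, not just against this toy evaluator.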

Responsibilities:

In this position, the Detection Engineer is expected to:

  • Develop and maintain high fidelity, low noise alerts to effectively identify and prioritize critical cyber security issues.
  • Collaborate closely with other IT Security teams including SOC, Threat hunting teams, Threat Intelligence, Purple Team and the security engineering teams to understand and respond to emerging threats.
  • Conduct regular reviews and assessments of detection rules to ensure optimal performance, effectiveness and accuracy.
  • Participate in incident response activities and provide subject matter expertise when required.
  • Develop and maintain documentation related to threat detection.

You’ll join at an ideal time to make a big impact: the team is seeing very high growth, with many new features to build and a need to scale up dramatically.

Qualifications

  • Must have 6+ years of security experience, in or adjacent to cyber threat intelligence, security operations, threat hunting, security engineering, or cyber investigations and incident response.
  • Preferred experience includes:
    • Building dynamic threat analysis coverage using frameworks such as MITRE ATT&CK, the Diamond Model, STRIDE, OWASP and PASTA.
    • Developing and applying detective CTI skills (Sigma, YARA, Vul Trigger, IOCs, etc.) in SecOps tooling, and understanding the basics of how to incorporate these into security controls (Elastic, MSS, Splunk, IDS, etc.).
    • Malware analysis, hacking tools, and advanced threat actor tactics, techniques and procedures.
    • Knowledge of scripting languages such as Python and PowerShell.
    • Understanding of and experience with modern technical security controls and technologies, such as TIPs, SOARs, firewalls, SIEMs, IPS, HIPS, web proxies, etc.
    • Financial industry / banking experience preferred.
    • Security certifications preferred (e.g. Security+, GCIA, GCIH, CISSP, CRTP, OSCP).