Job Title: Senior Support Analyst

Job Code: 3720

Country: IN

City: Mumbai

Skill Category: IT\Technology

Description:

Title: GCTI Automation Engineer

Manager: Trishant Shetty

Division: Security Operations Center

Department: GTS

Background Information:

The Global Information Security teams are responsible for the confidentiality, integrity and availability of the firm’s information and assets. Responsible for maintaining, communicating and raising awareness of the Policy. Facilitate the effective implementation and compliance of the firms polices.

The Global Information Security Team is based in Europe, Asia, India and America.

Description of IT service:
The candidate will assist in automation of SOC processes and reporting requirement.

Duties & Responsibilities:

Job Overview:
Responsibilities:

Strong scripting skills mandatory in Python.
Work with technology SME’s to collect and document uses cases and develop integrations and playbooks
Collaborate with other platform owners to ensure integrations working as designed
Drive continuous improvement on existing playbooks based on requirements from operations team for changes in threat landscape or security controls
Use REST calls to various APIs to enrich and contextualize alarms
Write and execute SQL to manipulate data in SQL databases like Postgres
Write and execute NoSQL queries in MongoDB / Elastic databases
Preferred Working experience on Security Tools - SIEM, End Point Security, Email Security, Web Proxy, Firewall etc.
Advanced skills in Excel are necessary and experience in MS Access is desirable.
Writing custom reports, SQL Scripts, Advance Searches and queries
Troubleshoots data issues, validates result sets, recommends and implements process improvements
Ability to effectively translate management requests in to reporting specifications.
Possess strong communication and analytical skills to effectively elicit, capture, develop and implement management requirements from reporting perspective.

Role has the scope to expand further based on success and integration of the above core function.

Knowledge, Skill, Experience Required:

Essential:

Strong scripting skills Python/PowerShell Scripting
Familiarity with security orchestration and automation tools to build SOAR playbooks, REST API based automation workflow in collaboration with Security Operations, Threat Intelligence, Vulnerability Management teams.
Design report options and/or database queries to meet the needs of the organization
Security Mindset to research threats and bring implementation idea’s to automate manual task
Strong understanding of Regular Expressions.
Strong English Language skills
Ability to prepare accurate reports for all levels of staff in a language and tone appropriate to the audience.

Beneficial:

PowerShell, Perl or Shell Scripting
Creation of Selenium based scripts in python for automation
Knowledge of ServiceNow Development.
Knowledge of SQL Server Reporting Services (SSRS) skills for writing reports and creating data extracts from a Database is desirable.
Prior experience on Threat Hunting, creating hypothesis and doing data search on Big data lake platform.
ASP .NET

Python-based web framework – Django/Flask
Proficiency in development practices like test automation, CI/CD, source version control, GitHub, etc.
Microsoft Technology Associate(MTA):Database Administration Fundamentals
Microsoft Certified Solutions Associate (MCSA): SQL Server 2008/2012 certification.
MCSE: Business Intelligence certification

Personal Characteristics:

Strong communication skills, ability to work comfortably with different regions
Actively participate within internal project community
Good team player, ability to work on a local, regional and global basis and as part of joint cross location initiative.
Self-motivated, able to work independently and with a team
Able to perform under pressure.