Sr Analyst - Cyber Defense
Job in 500016, Prakāshamnagar, Telangana, India
Listed on 2026-02-03
Listing for: Confidential
Full Time position
Job specializations: IT/Tech (Cybersecurity, Network Security)
Location: Prakāshamnagar
As one of the world's leading independent global investment firms, Invesco is dedicated to rethinking possibilities for our clients. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If you're looking for challenging work, intelligent colleagues, and exposure across a global footprint, come explore your potential at Invesco.
Job Description
Duties:
Lead and coordinate incident response efforts for cloud-based environments (AWS, Azure, GCP).
Analyze and investigate security alerts, logs, and events from SIEM, EDR, and cloud-native tools.
Develop and maintain incident response playbooks, runbooks, and escalation procedures.
Collaborate with Cloud Ops, Cloud Engineering, and Application Teams to contain and remediate threats.
Analyze information security events from multiple sources (SIEM, IPS/IDS, firewalls, endpoint security, cloud security, email gateway, identity protection, etc.), identify the cause of incidents, and respond by applying containment and eradication strategies.
Design and implement IT security systems (endpoint security, email protection, identity protection, cloud security) to protect the corporate network from cyber threats.
Respond to and analyze cyber incidents, monitor IPS/IDS alerts, and coordinate and distribute advisories on cybersecurity incidents, vulnerabilities, and threats to relevant stakeholders.
Collaborate closely with Threat Intelligence, Incident Response, Business Security, Application Security, Technology, and other teams as needed.
Assess vulnerabilities and attacker tactics, techniques, and procedures (TTP) and provide defensive action to locate and prevent threats.
Review and analyze security data within the SIEM and network traffic, such as full packet captures and/or NetFlow data, to detect traffic anomalies, identify infected systems, and spot threat actor activity based on known tactics, techniques, and procedures.
Configure rules for real-time alerting in the SIEM tool: event rules, analytic rules, automation rules, hunting queries, and playbooks.
Conduct static and dynamic Malware Analysis.
Configure and deploy security policies, rules, and controls within firewalls.
Configure Palo Alto firewall security policies and rules, and build custom objects and categories for network configurations based on various enterprise requirements.
Create and enforce security policies in various cyber defense tools (endpoint security, email gateway, firewalls, AD groups) to mitigate risks.
Create and update interactive Security event/Incident Reports and Dashboards for executive leadership.
Conduct proactive Threat Hunting exercises to identify and mitigate security threats through the review of system logs, threat intelligence, network activity, and known tactics, techniques, and procedures.
Lead activities to simulate real-world cyber-attacks and assess effectiveness of defensive measures.
Configure IDS/IPS signatures based on vendor-provided signatures, vulnerability databases, CTI feeds, and the TCP/IP, HTTP, FTP, and SSH protocols, following industry standards (NIST, PCI-DSS, HIPAA, etc.), using regex and hex encoding, and create custom IDS/IPS rules based on open-source signatures (Snort, Suricata).
Work under the team leader to maintain security devices and show practical experience in managing SIEM environments, firewalls, content filters, NIDS, proxy servers, HIPS, and packet capture devices.
Perform malware analysis by sandboxing files and URLs, decoding scripts, and locating IOCs (Indicators of Compromise) within the file, while knowing and understanding the MITRE Kill Chain and other cybersecurity standards.
Work on the end-to-end malware remediation process: identifying malware, containing systems while assessing the enterprise risk, malware reverse engineering, identifying IOCs, updating identified signatures, and hunting IOCs in the enterprise environment.
Work on endpoint security incidents while providing recommended actions for completely removing all traces of malware from the infected system, including rootkits, Trojans, viruses, and other malicious software, restoring the system to a known good state, and ensuring the integrity and security of all data and applications.
Serve as the primary escalation contact for all security incidents in the absence of L3.
Make recommendations, build, modify, and update IPS policies, Endpoint AV security controls, Network AV security controls, and Security Information Event Management (SIEM) tool rules.
Mentor and train team members.
Deliver technical training in areas such as log monitoring, security event analysis, phishing email investigations, and incident handling.
Requirements:
Must have a Bachelor's degree in Software or Computer Engineering, Mechanical Engineering, Information Security, or related field.
Must have obtained at least one of the following certifications: CISSP, CompTIA Security+, CHFI, AWS Security Specialty, AWS Solutions Architect Associate.
Strong knowledge of cloud…