Responsibilities
Job Summary
Finastra's Cyber Security Operations team is at the front line of detecting, monitoring for and responding to cybersecurity incidents within the global infrastructure. You will have a crucial role in defending the enterprise network from potential and active threats. You will be agile, willing to learn and able to think outside of the box in order to operate effectively in a dynamic threat landscape. You will have the opportunity to work with cutting edge tools to monitor and defend the enterprise and customers from a wide array of cyber threats.
Responsibilities:
Providing first level response for security events including but not limited to intrusion detection, malware infections, denial of service attacks, privileged account misuse and network intrusions.
Want more jobs like this?
Get Software Engineering jobs in Bangalore, India delivered to your inbox every week.
Following defined workflow and processes for threat remediation and escalation/handoff where required.
Utilizing a variety of cloud-based and on-premises security tools and techniques to proactively analyze suspicious events, network anomalies and other potential threats to determine validity, impact, scope and recovery options.
Using automated malware analysis tools to determine threat impact and taking actions appropriately.
Support and administration of security tools and platforms in diverse, cloud-based and on-premises environments.
Configuring and monitoring Security Information and Event Management (SIEM) platform for security alerts. Integrating and working with the firm's Managed Security Services Provider (MSSP) services.
Improving the service level for security operations and monitoring. Creating and maintaining system documentation for security event processing. Expanding the usage of security monitoring tools to improve the security of the environment based on business use cases or changes in threat landscape, root causes from security incident response, or output from security analytics.
Experience Required :4+Yrs
Experience in an Operations Center (SOC/NOC) / monitoring environment.
Experience working with SIEM technologies (e.g., ArcSight, QRadar, Splunk, Azure Sentinel, etc.) or Managed Security Service Providers (MSSP).
Experience with threat monitoring procedures.
Demonstrable knowledge of threats, attacks, logs, operating systems and security technology (firewalls, anti-malware, proxies, etc.).
Cybersecurity experience in the financial industry.
Knowledge and understanding of cyber risks and security issues in cloud-based and on-premises environments.
Knowledge of cyber security techniques, platforms and technologies (Enterprise Antivirus, IDS, deep packet inspection and host/network threat analysis).
Knowledge of networking (including the OSI Model, TCP/IP, DNS, HTTP, SMTP), system administration and/or security architecture.
Knowledge of common enterprise Operating Systems (Windows 10, Windows Server, Linux, etc.)
Knowledge of the fundamentals of mobile platforms: iOS, Android.
Excellent verbal and written communication skills.
Strong troubleshooting skills.
Ability to work well both independently and in a highly collaborative environment.
Ability to manage multiple priorities in a high-pressure environment.
Effective organizational skills.
Ability to comply with any regulatory requirements.
Certification in one or more of the following areas is desired but not required:
GIAC Security Essentials Certification (GSEC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), GIAC Certified Windows Security Administrator (GCWN), GIAC Certified UNIX Security Administrator (GCUX), GIAC Continuous Monitoring Certification (GMON), GIAC Certified Perimeter Protection Analyst (GPPA), GIAC Certified Detection Analyst (GCDA), Certified Information Security Professional (CISSP).