Listing Description
This role is a key part of the monitoring and triage arm of Salesforce Security, responsible for analysing events across a large and complex environment in order to identify security incidents and protect our customers. To do this, our Event Analysts use their exceptional judgment and security expertise to distinguish truly interesting events from "noise". In a typical hour, an analyst might examine a malicious email, investigate suspicious network traffic, review an unusual login event, and analyse a PC with a potential malware issue.
Senior Security Event Analysts play a crucial role in the team, acting as an internal escalation point, providing guidance to frontline analysts, and handling more complex analysis tasks (level 2 analysis). As a Senior Analyst, your exceptional security knowledge is needed to understand novel attacks and activity which has not been seen before. Rather than follow established processes, you will need to think on your feet, analyse a complex situation, and quickly distinguish malicious activity from innocuous activity.
A successful Senior Analyst will have a passion for teaching and developing others, acute attention to detail, a healthy dose of paranoia and a logical approach to analysis and problem solving. This role also needs exceptional communication skills (verbal and written), and an ability to quickly understand complex information while recognising familiar elements within complex situations.
This position is based in our brand new facility in Hyderabad, India. As a 24/7 team, Event Analysts work shifts which include nights and weekends. The role is a key part of our global information security team, involving daily interaction with the Salesforce CSIRT and other security teams, which means fluent English is essential. As a Senior Analyst, occasional on-call periods may be necessary.
APPLY HERE: http://salesforce.careermount.com/career/58183/Senior-Security-Event-Analyst-24-7-India-Hyderabad
- At least 5 years of professional experience, with the majority focussed on information security
- At least 2 years of experience in a Security Operations Centre (SOC) or incident response team
- Experience with SIEM systems such as Splunk, AlienVault, QRadar, ArcSight or similar
- Strong interest in information security, including awareness of current threats and security best practices
- Familiarity with core concepts of security incident response, e.g., typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
- Experience handling the most complex escalated cases in a Security Operations or Incident Response environment (L2 / second-level cases)
- Experience mentoring and developing junior team members
- Experience developing and delivering internal training / knowledge transfer sessions within an information security team
- Exceptional communication skills, including an ability to quickly and concisely summarise complex situations
- Familiarity with system administration and security controls on Linux and Windows, including in Active Directory environments
- Experience investigating security issues and / or complex operational issues on Windows and Linux
- Knowledge of email security threats and security controls, including experience analysing email headers
- Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP
- Experience analysing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues
- Experience analysing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute