SOC Analyst

Posted by Goran Kušić PR Svetozarevo SOC Jagodina

32 days until expiry

Multiple cities

80000-120000 din

Analyst – MSS – EDR/XDR

This role supports our clients’ Security Operations Centre.

We're seeking an Analyst with a strong background in EDR, XDR (CrowdStrike, Cortex XDR, Windows Defender, SentinelOne) and SIEM tools, with a good level of expertise in navigating Windows and Linux file systems via the command line or using PowerShell. Experience scripting in Bash, PowerShell or Python is an advantage.

Knowledge of cyber security frameworks such as the Lockheed Martin Kill Chain, MITRE ATT&CK, the Pyramid of Pain and the Diamond Model of Intrusion Analysis is expected. A solid understanding of Windows, Linux and/or Mac process internals, structure and/or information would be extremely beneficial.

The Analyst performs the initial investigation and triage of security incidents, writes incident reports with details of the investigation findings, initiates response actions if applicable, and provides applicable recommendations and next steps to the client based on the findings from the investigation. The Analyst applies trusted advisor techniques on all engagements with clients.

What You’ll Do

Services Delivery (70%)

  • Monitor, analyze, and triage cyber security alerts on the EDR/XDR tool by applying industry accepted analytics techniques and cyber security frameworks such as Kill Chain and MITRE ATT&CK
  • Takes ownership of in-scope cyber incident investigations
  • Create, manage, and follow up on service tickets
  • Monitor and manage request and incident queues and provide response and resolution within Service Level Agreement and Service Level Objective
  • Follow defined processes for incident response
  • Correlate event details within the incident timeline to identify malicious activities leveraging EDR/XDR tool
  • Carry out extended searches leveraging the SIEM platform to provide in-depth investigation and identify the full attack path where applicable
  • Recommends updates to documentation as needed
  • Research and analyze threat intelligence and indicators of compromise (IOC) for applicability during incident investigation
  • Review alerts, decipher false positives, and follow through on incident investigations
  • Initiate response actions via the EDR or XDR tool for incident remedial action
  • Evaluate risk of security alerts and make appropriate recommendations to mitigate evaluated risks
  • Update service tickets and cases with investigation evidence
  • Apply Trusted Advisor techniques to build up client trust and influence loyalty
  • Carry out rapid IOC searches based on given IOC obtained from threat intelligence feeds across clients’ endpoint/extended detection and response platforms
  • Escalate issues encountered during the shift to the Consultant, Manager or both

Professional Development (30%)

  • Attend training sessions or shadowing activities and obtain industry-related certifications as determined by the Manager
  • Participate in all in-house CTFs and self-paced training

What You Need to Succeed

Must-Have:

  • Bachelor's degree (B.A./B.S.) or 3-year diploma in Engineering, Computer Science, or Technology related field
  • At least 1 year of work experience in supporting information systems, preferably in a Security Operation Center (SOC) or similar environment
  • At least one (1) technical certification such as: QRadar, LogRhythm, Exabeam, CompTIA Security+, CompTIA CySA+, CEH, Microsoft Certified: Security Operations Analyst Associate, etc.

Other Position Requirements

  • The candidate must be proactive and pay attention to details
  • Works collaboratively with other teammates
  • Takes ownership and drives issues towards a resolution
  • A good understanding of IT infrastructure systems, Cybersecurity fundamentals, vulnerability management fundamentals, endpoint and server administrations, network routing and switching, network traffic analysis and administration
  • Ability to acquire technical skills and certifications required to effectively execute the role, develop familiarity with industry or specialty products/services, and apply the knowledge gained through training
  • Ability to investigate problems and use standard operating procedures and processes to resolve them
  • Good troubleshooting and problem-solving skills. Possess an innate curiosity and critical thinking mindset
  • Ability to establish positive working relationships and contribute to team objectives in a consulting environment
  • Good verbal, written communication skills and the confidence to engage the clients effectively
  • Proven time management and organizational skills
  • Knowledge of productivity tools such as Word, Excel, Visio, PowerPoint, and Outlook

Nice-to-Have

  • Previous experience working in a Security Operations Centre (SOC) environment or similar environment


About the employer:

Goran Kušić PR Svetozarevo SOC Jagodina

Category: IT jobs

Education: University or Bachelor's degree / College

Job type: Fixed-term employment

Work experience: work experience preferred

Address: Stefana Prvovenčanog 13

Contact phone:
066240632
