Responsibilities
- Assist in reviewing and developing security policies to align with organizational needs and standards.
- Deliver and support user-focused security awareness initiatives to promote safe practices.
- Conduct monitoring and testing activities to verify adherence to security policies and regulations.
- Observe security tools and dashboards—including SIEM, endpoint, and email protection systems—for alerts and anomalous behavior, aiding in triage and escalation.
- Adjust SIEM detection rules, correlation queries, and alert sensitivity levels under senior guidance to minimize false positives and enhance threat identification.
- Develop and manage SIEM dashboards and reports to provide actionable insights for IT and leadership teams.
- Support early-stage incident investigations by gathering logs, performing preliminary analysis, and documenting findings to assist remediation efforts.
- Execute incident response procedures using established runbooks and recommend updates when procedural gaps are found.
- Help configure and oversee security settings in Azure and AWS environments, including logging, IAM, security groups, and baseline hardening.
- Collaborate with IT teams to ensure systems and devices are properly logged, monitored, and hardened against threats.
- Participate in regular evaluations of access permissions, multi-factor authentication, and conditional access policies across cloud and on-prem systems.
- Support vulnerability management by collecting scan data, tracking remediation progress, and confirming resolution with responsible teams.
- Assist in managing endpoint protection tools such as EDR and antivirus, and respond to endpoint alerts according to defined procedures.
- Help implement and maintain identity and access management controls, including role-based access and account lifecycle management.
- Contribute to creating and updating standardized build and hardening checklists for devices and cloud resources, ensuring compliance during deployment.
- Keep security-related documentation current, including configurations, dashboards, response playbooks, and operational procedures.
- Support internal and external audits by compiling evidence, screenshots, and reports from security platforms.
- Help track and report security metrics such as alert volume, response times, and patching rates, and propose enhancements.
- Assist with security-related tasks during employee onboarding and offboarding, including access provisioning and device enrollment.
- Work with IT teams to integrate logging and security controls into infrastructure and application changes.
- Stay informed about advancements in security technologies and best practices for SIEM, cloud, and endpoint protection, and share insights with the team.
Work Arrangement
Remote (Country) — India