Cyber security Openings

Great companies are built by great teams. When we discover the higher purpose of our work, we derive greater meaning from our jobs. In fact, work becomes a joy and each of us is then able to expand our capabilities and maximize our potential. At Network Intelligence, we strive to create such an atmosphere. With a tremendous focus on continuous learning, investments in training programs, freedom to switch teams, and strong encouragement for new ideas, we believe we are a great place to work.

Join us on our mission to make the world a more secure place to live, transact and play. Send your resume to [email protected]

Cybersecurity Analyst - SSC
Designation: Cybersecurity Analyst - SSC
Job Code: HR1123
Location: Kolkata
Experience: 0.6 months – 2 yrs
Job Description:
  • Should be flexible to work in a 24x7 Security Operation Center (SOC) environment.
  • The Security Operations Center (SOC) Jr. Analyst will be responsible for daily activities supporting information security monitoring and response.
  • Monitor the SIEM, following operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of security incidents.
  • Should have basic networking knowledge.
  • Good understanding of networking protocols.
  • Intermediate knowledge of operating systems – Windows and Linux preferable.
  • Follow the proper shift handover process.
  • Excellent verbal and written communication skills.
Cybersecurity Analyst
Designation: Cybersecurity Analyst
Job Code: HR1125
Location: Saudi Arabia – Riyadh
Experience: 1+ years
Job Description:
  • 24X7 log monitoring for devices and systems integrated with the SIEM tool.
  • Review threat intelligence feeds from various sources (including the existing deployed Threat Intelligence feeds and open-source platforms) and implement detection controls based on available IoCs.
  • Provide threat hunting and security intelligence.
  • Assign risk rating for all the SIEM monitored assets in line with the Company's risk profile.
  • Enhance & optimize the monitoring rule base to detect threat patterns efficiently.
  • Creating, updating and closing incidents.
  • Escalating incidents manually when required.
  • Following up on alerts, determining whether or not an alert is a false positive and updating Incident Management databases with this information.
  • For alerts that are not false positives, incident management requires a follow up to verify if an affected system was vulnerable to a potential payload delivered, plus remediation (in coordination with the client) if a system was compromised.
  • Major incidents need to be actively managed through their entire lifecycle. Alert/notify the client on current and emerging malware threats, IoCs, C&Cs, etc.
  • Incident Management for malware incidents, including providing emergency response, identifying the root cause and providing a solution, and coordinating with the backend team for additional support as required.
  • Provide malware status report and dashboards.
  • Daily reports including firewall change reconciliation, unauthorized database admin access, referrer log brand misuse reports, anti-virus policy non-compliance, unauthorized service provider access, privilege misuse/escalation.
  • Weekly reports including persistent top attackers, attacks, attack targets, trend analysis.
  • Provide analysis and trending of security log data from a large number of heterogeneous security devices.
  • Expertise on TCP/IP network traffic and event log analysis.
  • Provide correlation and trending of cyber incident activity.
  • Ability to correlate system behaviours based on known inter-dependencies between those systems.
  • Understanding of system logging including both Security and non-security logs.
  • Ensure a high level of quality when managing tickets, requests and Customer queries.
  • Prepare reports & distribute in readiness for Customer tuning calls.
Cybersecurity Consultant – Solutions
Designation: Cybersecurity Consultant – Solutions
Job Code: HR1126
Location: Cairo - Egypt
Experience: 2+ years
Job Description:
  • CyberArk Administration activities (Safe Creation, Accounts onboarding, PACLI automation, etc.)
  • Password Management and Handover Activities.
  • Basic Troubleshooting of issues on a daily basis.
  • Monitoring of L1 for CyberArk Team.
  • Providing Reports to management.
  • Creation of PSM Plugin Connectors.
  • CPM Troubleshooting.
  • Maintenance of Auto-Discovery Accounts.
  • Gap Analysis Reports on privileged accounts.
  • Windows OS Patching of CyberArk Servers.
  • Windows OS Patching of Azure Servers.
  • Vault Server Patching.
  • DC-DR Drills.
  • Dormant account clean up.
  • Provisioning and De-provisioning of privileged accounts.
  • Audit Review (Internal and External) assisted by L2.
  • Non-Compliance activity Investigation.
  • Periodic assessments of Assets as per client requirements.
  • Approving of Privileged Access Request.
  • Approval or rejection of Access Requests from end-users.
  • Validation of CRQ tickets against PAM Requests.
  • Daily health check-up of CyberArk application.
SIEM Admin – SSC
Designation: SIEM Admin – SSC
Job Code: HR1038
Location: Mumbai
Experience: 2+ years
Job Description:
  • Responsible for deploying, administering and fixing SIEM (ArcSight\QRadar, Splunk) components (ESM, ADP, Investigate, UBA, Indexers, Heavy Forwarders, Splunk Enterprise Security).
  • Responsible for on-boarding of log sources for supported and unsupported devices.
  • Responsible for creating flex-development connectors for un-supported devices.
  • Design HLD\LLD for customers based on experience, best practices and understanding of customer environment.
  • Responsible for working with the SIEM (ArcSight\QRadar, Splunk) content engineer to enhance Security Use-cases for the SOC Environment.
  • Responsible for the completion of the SIEM (ArcSight\QRadar, Splunk) Roadmap along with other team members in the SOC.
  • Responsible for working on and integrating Automated Incident Smart Response in the SOC.
  • Supports definition and implementation of protocols to govern security assessment during on-boarding of new log sources.
  • Data normalization and ETL within Splunk.
  • Responsible for integration of logs and data feeds into Splunk through various methodologies, e.g., via Syslog connectors, utilizing DB Connect to pull data from on-site databases.
  • Managing all Splunk plugin configurations including ITSI and Enterprise Security.
  • Managing and monitoring the Splunk infrastructure for capacity planning and optimization.
  • Installation of search heads, deployment servers, indexers & Enterprise Security App.
  • Manage Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts, etc.).
  • Manage and report on the activities and performance of the regional SOC team.
  • Provide input to the SOC policies and procedures and correspondingly evaluate and update regional SOC policies and procedures to ensure SOC personnel follow uniform processes.
  • Verify all SIEM components are functioning optimally.
  • Provides valuable insight and input to the identification of information security risk within the regional and brand enterprises and recommends priorities for risk mitigation.
  • Assists with patching recommendations and solution for zero-day threats.
  • Coordinates with stakeholders internal and customer.
  • Communicates with management on Project progress and activities assigned.
  • Responsible for mentoring other team members.
  • Responsible for creating Run-books for incident resolution and updating the incident response run-book database.
  • Responsible for conducting KT for client teams and internal SOC teams.
  • Develop content, analytics and detection around threat actors' tactics, techniques & procedures that are deliverable through our daily knowledge base updates.