Senior Detection Tuning & Optimization Analyst, COE @ Critical Start

We are seeking a Detection Tuning & Optimization Analyst to join the Critical Start Technologies Private Ltd. team, operating under the Critical Start umbrella, for our India operations. As an Analyst at Critical Start, your role is of utmost importance in the realm of identifying and responding to security alerts. You actively partake in configuring playbooks and event orchestration technologies. With your extensive knowledge of incident detection and response, you significantly contribute to reducing, resolving, and orchestrating events across numerous endpoints and SIEM (Security Information and Event Management) security products.

On a day-to-day basis, you'll be responsible for reviewing and delving into alerts generated by security tools, distinguishing between true and false positives, and taking actions to address these detections. Collaboration is key as you'll work closely with teams ranging from the Security Operations Center, engineeering, Security Engineering, and Implementations/Onboarding to guarantee the customer is in an ideal state before they progress.

Incident Detection and Analysis:

• Continuously monitor events generated by our array of security products to proactively identify potential incidents.
• Perform a thorough analysis and investigation of security alerts and escalate to RSOC as needed for official investigation and response .

Tuning and Alert Optimization:

• Conduct regular reviews of alerts to identify false positives and opportunities for reduction
• Analyze alert patterns and trends to optimize detection accuracy and efficiency
• Collaborate cross-functionally with automation and detection teams to implement necessary improvements
• Develop and maintain standardized orchestration processes for alert management
• Escalate potential false positives to relevant stakeholders, providing detailed analysis for informed decision-making
• Continuously refine alert criteria and thresholds to minimize noise while ensuring critical issues are captured
• Document and track alert optimization efforts, including rationale for changes and impact on system performance

Reporting and Documentation:

• Adhere to existing internal documentation and processes, ensuring consistency in work output.
• Identify gaps or outdated information in documentation and proactively update as needed.
• Create new documentation for undocumented processes, maintaining quality standards.
• Continuously improve documentation to enhance team efficiency and knowledge sharing.

Required Qualifications:

• 5+ years of experience in a relevant security analyst role and the ability to successfully complete a new analyst training program.
• Proficiency in written communication and a strong grasp of technical concepts.
• Exceptional verbal communication skills and the ability to effectively communicate across different teams.
• A solid understanding of SIEM tools, along with hands-on experience with EDR (Endpoint Detection & Response) and EPP (Endpoint Protection Platforms) solutions.
• Competency in network and system security, threat detection, and incident response.
• Outstanding problem-solving, critical thinking, and analytical abilities.
• Capacity to work effectively under pressure in a fast-paced and ever-changing environment.
• Proficient in handling and fine tuning alerts

Desired Qualifications:

• Possession of relevant certifications like CompTIA Security+ or Certified Ethical Hacker (CEH) is advantageous.

Imagine a dynamic, enjoyable, and rewarding work environment. We are professionals, and the work we do holds immense significance, like saving our customers from potential disasters. Howe'ver, we believe in not taking ourselves too seriously.

Prefer a casual dress code every day? No problem, as we find comfort enhances our thinking.

What does our Compensation and Benefits package entail?

• Competitive salary with bonus potential
• Flexible PTO (Paid Time Off) policy
• Depending on the role, you may work in the office, remotely, or adopt a hybrid work model.
• And a new Tesla... just kidding! Kudos for making it to the end.

Mental and Physical Requirements

Its important to note that specific physical and mental requirements may vary depending on the nature of the office job, organization, and individual responsibilities.

Physical:

• Stationary position for extended periods of time.
• Constantly operate a computer.
• Occasionally you may be required to move equipment or other items up to 20 lbs.
• The ability to communicate information and ideas so others will understand. Must be able to exchange accurate information in these situations.

Mental:

• Must be able to apply established protocols in a timely manner.
• Make timely decisions in the context of workflow.
• Ability to complete tasks and perform in situations requiring speed deadlines, or productivity quota.
• Ability to work effectively and efficiently in high stress situations.
• Ability to simultaneously address multiple complex problems.