Senior Incident Response Analyst
Acquia is transforming the digital strategies of companies all over the world with our open cloud platform. We are passionate and relentlessly committed to helping our clients create digital experiences that are more relevant, personalized, and built for a fast-changing, always-connected, mobile-first world. Headquartered in the US, we have been named one of North America’s fastest growing software companies as reported by Deloitte and Inc. Magazine, have been rated a leader by the analyst community, and have been named one of the Best Places to Work by the Boston Business Journal. We are Acquia. We are building for the future of the web, and we want you to be a part of it.
Acquia’s global Information Security team is seeking an Incident Response Analyst to work in our New Delhi, India office. In this role, you will lead incident management, forensic log analysis, malware analysis, security event monitoring, threat intelligence, and related activities. This role reports to the Director of Operations in New Delhi.
You think like an attacker, anticipating the moves and tactics an intruder would use to try to gain unauthorized access to Acquia systems. You stay current on the latest developments in security and on exploits against cloud-based products. Your newspaper of choice is The Hacker News.
Responsibilities include, but are not limited to:
- Perform real-time security alert and event monitoring across all levels of the Acquia Platform, including ticket triage and ticket closure.
- Investigate platform security incidents and, where required, application security incidents, and determine root cause through log analysis and related digital forensics.
- Participate in 24x7 monitoring, triage and response as part of a global team.
- Continuously improve logging and monitoring tools: build automation and identify security gaps to streamline security workflows.
- Maintain a strong knowledge of common security vulnerabilities, attack vectors, methods, and remediation techniques (DDoS, Man-in-the-Middle, Brute Force, SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery).
- Develop, maintain and update monitoring alert queries.
- Train, educate and mentor junior analysts.
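To make the "monitoring alert queries" and "log analysis" responsibilities above concrete, here is an added example of the kind of detection logic an analyst on a LAMP/Drupal stack would write. It is not Acquia's tooling; it assumes Apache combined-format access logs, Drupal's default /user/login form path, that a failed Drupal login re-renders the form (HTTP 200) while a successful one redirects (302/303), and an arbitrary threshold of five non-redirected login POSTs from one client IP within 60 seconds. The log lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote_plus

# Apache "combined" log format; the request line is split into method, path and protocol.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

# Common SQL injection probes, matched against the URL-decoded query string.
SQLI_RE = re.compile(
    r"(?i)(\bunion\b.{0,20}\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+|sleep\(\d+\)|--\s|/\*|;\s*drop\b)"
)

LOGIN_PATH = "/user/login"   # Drupal's default login form (assumption)
BRUTE_THRESHOLD = 5          # assumed tuning: failed attempts per window that raise an alert
BRUTE_WINDOW_SEC = 60        # assumed tuning: sliding window length
SUCCESS_STATUSES = {302, 303}  # assumption: a successful Drupal login redirects; a failure returns 200

# Constructed sample log: one client hammering the login form, one SQLi probe, two benign requests.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /user/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /user/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /user/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:45 +0000] "POST /user/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:50 +0000] "POST /user/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:55 +0000] "POST /user/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:58 +0000] "POST /user/login HTTP/1.1" 303 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /node?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 1532 "-" "curl/7.88"
192.0.2.10 - - [10/Oct/2023:13:56:10 +0000] "GET /node/12 HTTP/1.1" 200 8801 "https://example.com/" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def detect(lines):
    """Return a list of alert dicts for brute-force login attempts and SQLi probes."""
    alerts = []
    attempts = defaultdict(deque)   # client IP -> timestamps of recent failed login POSTs
    brute_flagged = set()           # IPs already alerted on, to avoid one alert per extra attempt
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # unparseable lines are skipped, not treated as attacks
        path, _, query = rec["path"].partition("?")
        # SQL injection: inspect the decoded query so %27 / %20 encoding does not hide the payload.
        decoded = unquote_plus(query)
        if query and SQLI_RE.search(decoded):
            alerts.append({"type": "sqli", "ip": rec["ip"], "path": path, "query": decoded})
        # Brute force: sliding window of failed (non-redirected) login POSTs per client IP.
        if rec["method"] == "POST" and path == LOGIN_PATH and rec["status"] not in SUCCESS_STATUSES:
            window = attempts[rec["ip"]]
            window.append(rec["ts"])
            while window and (rec["ts"] - window[0]).total_seconds() > BRUTE_WINDOW_SEC:
                window.popleft()
            if len(window) >= BRUTE_THRESHOLD and rec["ip"] not in brute_flagged:
                brute_flagged.add(rec["ip"])
                alerts.append({"type": "brute_force", "ip": rec["ip"], "count": len(window)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed sample, the script raises one brute-force alert for 203.0.113.7 (fired on the fifth failed attempt, then suppressed) and one SQLi alert for 198.51.100.4; the successful login from 192.0.2.10 and the plain page view produce nothing. The same two rules translate directly into a Splunk or ELK saved search (a stats count by client IP over a time bucket, and a regex on the decoded URI), which is the form these queries usually take in production.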
Requirements include:
- 5-7 years' experience working as part of an incident response team or a security operations center.
- Experience administering, developing, and using log management or SIEM tools.
- Strong understanding of incident response workflow management and triage procedures.
- Strong background with Linux, Apache, MySQL, PHP, Drupal and securing cloud platforms (AWS).
- Proficiency in one or more programming languages (Python, PHP, Ruby, Go).
- High proficiency with continuous monitoring tools, such as SumoLogic, Splunk, ELK, or ArcSight.
- Understanding of Information Security Compliance & Regulations (PCI-DSS, HIPAA, etc.)
- Understanding of cloud security and networking principles and best practices.
- Must be dependable, reliable, and able to work independently and as a member of a team.
- Strong problem-solving abilities, initiative, and ability to thrive under pressure.
- Excellent interpersonal and communication skills.