
Job Description

Acts as the focal point for maintenance and monitoring of all antivirus/endpoint detection and response systems and analysis and response to emerging malware and other security related events. Incumbent is responsible for ensuring security events rising to a defined threshold are escalated as security incidents and handled in accordance with Wolters Kluwer Incident Response Policy and Procedure. When applicable, the IT Security Analyst will involve the Incident Response Team, other IT Security team members, IT Security Management and as directed, Senior WK Leadership.


Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.


We have an amazing opportunity for an IT security analyst in India, available within our Global Business Services division! The IT Security Analyst in India will be responsible for monitoring antivirus and endpoint detection and response systems, responding to all emerging malware-related security incidents, and responding to new security-related intelligence in order to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets.


This position is in Pune, India. Working on-site in an office is strongly preferred.


As the IT security analyst, you will be responsible for maintaining the antivirus and anti-malware systems, ensuring they are kept up-to-date and configured appropriately. Additionally, you will assist with information gathering efforts during investigation into suspected and confirmed security incidents to protect personal and confidential information at WK. In this role, you will be required to demonstrate proficiency in incident analysis, malware analysis, data gathering and information synthesis in the area of antivirus and anti-malware systems management. Your role will also include interfacing with and responding to internal business unit IT representatives and stakeholders at all levels during management of systems and emerging security incidents, real or simulated.


 Responsibilities:


  • Accountable for the day-to-day review and assessment of malware-related security events that may become or contribute to security incidents.
  • Ensures work is compliant with WK enterprise policies, procedures, and the local business plan
  • Supports the investigation of reported security breaches and, in coordination with WK global security operations, develops procedures to respond to malware-related security incidents and assists with investigations
  • Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative malware analysis in a clear, consistent, and factual manner.
  • Responsible for establishing communications bridges and meetings in support of efforts to remediate support issues with antivirus and anti-malware systems
  • Provide advice and assistance to operational teams related to their antivirus and anti-malware support
  • Responsible for aggregating information relevant to an antivirus/anti-malware support or emerging malware situation and synthesizing probable root cause
  • Responsible for developing and recommending best course of action based on solid security principles
  • Responsible for ensuring knowledge of IT security, emerging malware-related, and persistent threat scenarios is current
  • Responsible for threat hunting using a variety of available sources and tools
  • Responsible for monitoring and reviewing logs from a variety of sources in support of WK security and incident response operations
  • Responsible for investigation into emerging incidents and initial network and host forensics
  • Responsible for reviewing threat intelligence sources in support of WK security situational awareness
  • Responsible for assisting in the development of malware and threat-related communications for potential dissemination to warn WK employees of an emerging situation
  • Responsible for documenting malware threats and identifying procedures to avoid, mitigate or remediate
  • Responsible for analyzing potentially malicious programs and software using a variety of tools to identify indicators of compromise (IOCs) that can be used in protective security systems
  • Responsible for assisting with the creation of documentation related to antivirus/anti-malware systems and malware handling procedures
  • Responsible for providing antivirus, anti-malware and malware-related training and advice to team members on best security practices
  • Responsible for monitoring sources that identify zero-day threats and work to protect from them
  • Participate in research and development of malware protection tools and solutions

Other Duties


Performs other duties as assigned by the supervisor


Job Qualifications


Bachelor's Degree in Computer Science/MIS or equivalent experience


  • 5+ years of total experience in Information Technology
  • 2+ years of professional experience in an information security function, including analyzing and applying information security, risk management, and privacy practices
  • 2+ years in an information security antivirus/anti-malware or malware analysis role
  • Flexible to work in a 24*7*365 Security Operations environment
  • Required Interpersonal Skills
    • Excellent oral and written communication ability
    • Ability to present complex technical issues and findings to diverse audiences in both technical and non-technical parlance, both orally and in writing
    • Diplomacy in working with customers and stakeholders
    • Ability to follow policy and procedure
    • Ability to work in a team and at times perform under stress
    • Demonstrate integrity in dealing with potentially sensitive data and restricted information
    • Exceptionally self-motivated with superior analytical, evaluative, and problem-solving abilities
    • Ability to set and manage priorities judiciously
  • Required Technical Skills
    • Knowledge of basic security principles to include confidentiality, integrity, and availability; access control, authentication, and authorization; privacy and non-repudiation
    • Understanding of security vulnerabilities and exposures, and from where they arise
    • Familiarity with the Internet, its network protocols, and network applications and services
    • Knowledge of network security issues and host/system security issues
    • Understanding of malicious code of various types and various threat vectors
    • Experience with Risk Analysis and Risk Management
    • Experience in an incident response/security operations environment with threat hunting and identifying indicators of compromise (IOCs)
    • Ability to perform basic network and host forensic procedures to determine root cause and level of compromise
    • Experience with reviewing logs from a variety of sources, to include host logs, network traffic logs and logs generated by security monitoring tools
    • Understanding of deception technologies to include honeypots/honeynets and honeytokens
    • Basic understanding of programming and scripting, advanced knowledge a plus
    • Ability to maintain incident records in support of WK recovery, regulatory and legal requirements
    • Familiar with ITIL service management methodology.
    • Prior experience in a 24x7x365 operations environment.
  • Required Malware Analysis Skills
    • Expert level knowledge of antivirus/anti-malware solutions (McAfee ePO/ENS and Crowdstrike Falcon a plus)
    • Through good communication and documentation, presents a consistent front to customers and stakeholders
    • Ability to synthesize data from technical skills listed above to understand and identify intruder techniques
    • Ability to utilize interpersonal skills listed above to communicate with customers and stakeholders and bring quick resolution
    • Demonstrated ability to analyze ongoing situations for the potential of a malware-related security incident
  • Strong technical skills in antivirus/anti-malware rollouts and upgrades.
  • Strong technical skills in analysis and information gathering related to potential malicious code artifacts in a safe, secure manner
  • Experience and/or SME knowledge of ISO 27001, NIST 800-53, NIST CSF and PCI DSS.
  • Preferred certifications: CISSP, ITIL, CEH, GCIA, GNFA, GREM, GCTI

Job Details

Job Location
India
Company Industry
Other Business Support Services
Company Type
Unspecified
Employment Type
Unspecified
Monthly Salary Range
Unspecified
Number of Vacancies
Unspecified