IT Security SOC Analyst

Location: Kalyani, West Bengal, India

Job Description


Engages in Wolters Kluwer security event review, alert escalations and incident handling. The incumbent is responsible for ensuring that security events rising to a defined threshold are escalated as security incidents and handled in accordance with the Wolters Kluwer Incident Response Policy and Procedure. When applicable, the IT Security Analyst will involve other IT Security team members, IT Security Management and, as directed, Senior WK Leadership.

Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.

We have an amazing opportunity for an IT Security SOC Analyst (Incident Management), available within our Global Business Services division! The IT Security SOC Analyst (Incident Management) will be responsible for monitoring and response to all emerging security incidents to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets. This position is onsite in Pune, India.

As an IT Security Analyst, you will perform duties and tasks as a part of the Global Security Operations team to ensure potential security incidents representing vulnerability and exposure to Wolters Kluwer are contained, remediated and analyzed from a preventative perspective. In this role, you will be required to demonstrate knowledge in security incident handling and incident response and information synthesis in every area of IT security management. Your role will also include interfacing with and responding to internal business unit IT representatives and stakeholders at all levels during performance of your duties.

  • Supports the response to and recovery from emerging information security incidents, acting as the focal point leading response efforts and ensuring effective action to contain and remediate the situation
  • Supports the investigation of reported security breaches and, in coordination with WK Global Security Operations, develops procedures to respond to security incidents and assists with investigations
  • Performs review of security platforms from the WK perspective, in conjunction with other members of the Security Operations Team
  • Responsible for supporting Security Incident Managers on communications bridges and meetings
  • Works with business units to understand and properly address emerging incidents in accordance with WK policy and established best practices
  • Acts as liaison to customer Business Units and other GBS organizations for security operations concerns
  • Ensures work is compliant with WK enterprise policies, procedures and the GIS strategic plan
  • Identifies and assists in the operationalization of new solutions and technologies during transition to steady-state operations, as directed
  • Supports the investigation of reported security events and incidents and, in coordination with other WK global security operations team members, responds to security incidents and assists with ongoing investigations and root cause analysis (RCA)
  • Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner
  • Develops and recommends best course of action based on solid security principles
  • Ensures assigned post-mortem and lessons-learned actions are completed, following incident restoration of service
  • Takes part in cross-functional incident exercise activities, ensuring that policy and procedure are followed
  • Responsible for ensuring knowledge of IT security and hardening best practices remains current
  • Responsible for reviewing threat intelligence sources in support of WK security situational awareness
  • Assists in developing vulnerability and threat-related communications for potential dissemination to warn WK employees of an emerging situation, focused on improving awareness
  • Ensures information arising from incident response activities is communicated to the proper operational contacts for awareness and possible action
  • Performs other duties as assigned by supervisor

Requirements

  • Minimum of 2-5 years of experience in SOC operations and security alert monitoring.
  • Experience in creating, managing, and dispatching incident tickets for security alerts; in office (subject to Flex Work Policy).
  • Experience in SOC monitoring, with working knowledge of QRadar (preferable) or other SIEM tools such as LogRhythm, ArcSight, Splunk, McAfee Nitro, and AlienVault USM Anywhere.
  • 24x7 Active monitoring of Security events using SIEM (based on standard operating procedure).
  • Monitoring network security events and taking appropriate action based on security policy.
  • Perform detailed investigation on the alerts escalated by L1.
  • Creating new rules, Dashboards, reports on different SIEM tools to detect new threats.
  • Understand cyber-attack methods and perform analysis of security logs in an attempt to detect unauthorized behavior.
  • Experience in performing Root Cause Analysis for data from SIEM
  • Responsible for Incident Validation, Incident Analysis, Solution Recommendation
  • Review the correlation rules and define the improvement plan. Fine tune the system.
  • Stay current on IT security trends, intelligence and news.
  • Handling escalations from L1 Analysts.
  • Review Process, Compliance, Reports, KPIs.
  • Familiarity with ITIL processes.
  • Experience in phishing email analysis.
  • Good understanding of security devices such as Firewall, IPS/IDS, Proxy, Email Gateway, WAF, and Antivirus.
  • Experience in Cloud Security, Threat Hunting, Threat Intelligence, Malware Analysis, Incident Response, Trend & Pattern Analysis, or Machine Learning would be an added advantage.
  • Assist with the development, revision, and maintenance of Run books, Standard Operating Procedures/ Knowledge base and Working Instructions related to IT Security.
  • Monitors the health of data sources, checks all the tools and reports any shortcomings immediately to the concerned team.
  • Knowledge of servers and networking; good knowledge of cyberattacks and cyber threats.
  • False-positive mitigation and real-time analysis on all the integrated devices.
  • Understanding of vulnerabilities in OS, applications and network devices, and performing vulnerability assessments.
  • SIEM report analysis and preparation of daily/weekly/monthly and ad-hoc reports.
  • Monitor external event sources for threat intelligence and actionable incidents.
  • Follow Incident Management for the SLA matrix and escalation matrix to resolver groups.
  • Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
  • Must comply with any regulatory requirements.
  • Experience dealing with senior leadership, both in leading calls and also in writing documentation.
  • Occasional domestic or international travel, up to 25%, as directed.

Should be able to travel to the office and support the work necessary to accomplish successful deliverables within the role. No heavy lifting of equipment is required for this role.

Wolters Kluwer


Job Detail

  • Job Id: JD3434647
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Kalyani, West Bengal, India
  • Education: Not mentioned
  • Experience: Not mentioned