Threat Detection and Response Analyst II (Hybrid)

Threat Detection and Response Analyst II (Hybrid)

For more than 80 years, Kaplan has been a trailblazer in education and professional advancement. We are a global company at the intersection of education and technology, focused on collaboration, innovation, and creativity to deliver a best in class educational experience and make Kaplan a great place to work.

Our offices in India opened in Bengaluru in 2018. Since then, our team has fueled growth and innovation across the organization, impacting students worldwide. We are eager to grow and expand with skilled professionals like you who use their talent to build solutions, enable effective learning, and improve students’ lives.

The future of education is here and we are eager to work alongside those who want to make a positive impact and inspire change in the world around them.

About the Role

The Threat Detection and Response Analyst II is a foundational member of the security team, serving as the first line of defense against cyber threats. This role is responsible for monitoring security alerts, performing initial analysis, and escalating potential incidents. Additionally, this role will assist in refining security detections and participate in guided threat hunting activities to proactively identify threats and protect organizational assets.

Primary/Key Responsibilities

• Alert Monitoring & Triage: Perform real-time monitoring of security alerts from tools like SIEM and EDR. Conduct initial triage of alerts using established procedures and playbooks to determine if they are true or false positives.
• Initial Investigation: Analyze security events to gather essential information and context. Use security tools to investigate indicators of compromise (IOCs) and anomalous activity.
• Incident Escalation: Escalate validated security incidents to Senior Level or higher analysts for in-depth investigation and response. Provide clear and concise information to support the incident response process.
• Detection Engineering Support: Assist senior analysts in tuning and optimizing existing security alerts. Provide feedback on alert fidelity from a front-line perspective to help reduce false positives and improve the accuracy of detection rules.
• Guided Threat Hunting: Participate in structured threat hunting missions based on hypotheses and threat intelligence provided by senior team members. Use security tools to search for evidence of specific tactics, techniques, and procedures (TTPs) within the environment.
• Documentation: Create and maintain detailed tickets for all monitored alerts and escalated incidents. Document findings from threat hunting activities for further analysis.

Hybrid Schedule

3 days remote / 2 days in office. 30-day notification period preferred.

Minimum Qualifications

• Bachelor's Degree in Information Systems, Engineering, IT, Computer Science, Cybersecurity, or a related field. Equivalent alternative education, skills, and/or practical experience is also acceptable.
• 4+ years of experience in an IT, help desk, or cybersecurity role. Experience gained through internships or relevant coursework is also considered.
• Basic understanding of common attack techniques and the MITRE ATT&CK framework.
• Familiarity with navigating security dashboards (e.g., SIEM, EDR) to review alerts, log analysis, rule creation, and dashboarding.
• Foundational knowledge of network protocols, operating systems (Windows, Linux), and cloud environments (AWS, Azure, GCP).
• Familiarity with ability to perform root cause identification and remediation planning/tracking.
• Basics of SIEM query languages (e.g., SPL, KQL) to search logs.
• Strong attention to detail with an inquisitive and analytical mindset.
• Excellent written and verbal communication skills for documenting and escalating issues.

Preferred Qualifications

• Relevant entry-level security certifications (e.g., CompTIA Security+, CySA+).
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis.
• Familiarity with SOAR platforms and developing automation playbooks.
• Exposure to cloud security monitoring and incident response in cloud environments.
• Exposure to regulatory compliance requirements (e.g., SOX, PCI DSS) as they relate to vulnerability management.
• Exposure to security frameworks and standards (e.g., NIST, ISO 27001, CIS Benchmarks).

Total Rewards Package Includes

• Hybrid work model provides a flexible work/life balance.
• Voluntary Provident Fund.
• Gift of Knowledge Program for tuition assistance and discounts.
• Comprehensive health benefits (eligibility starts day 1).
• Generous Paid Time Off (National holidays, Earned leaves, sick leave, volunteer day).
• Gratuity applicable after 5 years.

At Kaplan, we believe in attracting, rewarding, and retaining exceptional talent. Our compensation philosophy is designed to be competitive within the market, reflecting the value we place on the skills, experience, and contributions of our employees, while taking into account labor market trends and total rewards. The specific compensation offered will be determined by a variety of factors, including but not limited to the candidate's qualifications, relevant experience, education, skills, and market data.

Key skills/competency

• Threat Detection
• Incident Response
• SIEM
• EDR
• MITRE ATT&CK
• Log Analysis
• Network Protocols
• Cybersecurity
• Cloud Security
• Communication Skills