airtel
Website: airtel.com
Job details:
Role Overview
The L2 DLP / CASB Security Analyst is responsible for monitoring, investigating, and responding to Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) security alerts and incidents within the organisation’s managed security environment.
The analyst will perform deep investigation, incident response, tuning, and policy optimization to ensure the protection of sensitive data across endpoints, email, cloud applications, and collaboration platforms.
The role requires strong knowledge of data protection technologies, cloud security, threat detection, and incident analysis.
Key Responsibilities
DLP Monitoring & Incident Investigation
- Monitor DLP alerts and incidents generated from enterprise security tools.
- Investigate data exfiltration attempts, policy violations, and suspicious data activities.
- Perform root cause analysis and determine whether incidents represent true security threats or false positives.
- Escalate critical incidents to L3 / Incident Response teams.
CASB Monitoring & Cloud Security
- Monitor and analyse CASB alerts related to cloud application usage and data movement.
- Investigate suspicious activities across SaaS platforms (M365, Google Workspace, Salesforce, etc.).
- Identify shadow IT usage and risky cloud applications.
- Monitor abnormal user behaviour and data transfers to external cloud services.
Incident Response
- Conduct initial containment and response actions for confirmed DLP or CASB incidents.
- Work with SOC, IR teams, and business stakeholders to mitigate risks.
- Document incident findings and response actions in the ticketing system.
Policy Tuning & Optimisation
- Assist in creating, modifying, and tuning DLP and CASB policies to reduce false positives.
- Implement new data classification and protection policies.
- Support the deployment of new security controls and detection use cases.
Threat Analysis
- Identify potential insider threats, data leakage patterns, and risky user behaviour.
- Perform trend analysis of DLP incidents and provide improvement recommendations.
- Correlate alerts with SIEM events and other security tools.
Reporting & Documentation
- Prepare incident reports and investigation summaries.
- Maintain documentation of playbooks, procedures, and response workflows.
- Provide metrics and dashboards related to DLP and CASB incidents.
Required Skills
Technical Skills
- Experience with DLP and CASB technologies
- Knowledge of data classification and protection policies
- Understanding of cloud security concepts
Experience with one or more tools:
DLP Platforms
- Symantec DLP
- McAfee DLP
- Digital Guardian
CASB Platforms
- Trellix DLP
- Skyhigh Security
Security Knowledge
- Data exfiltration techniques
- Insider threat detection
- SaaS security risks
- Cloud security architecture
- Security incident response
SIEM & Investigation Tools
- Experience with SIEM platforms such as:
  - Splunk
  - QRadar
Soft Skills
- Strong analytical and problem-solving skills
- Ability to work in 24x7 SOC operations
- Strong communication and documentation skills
- Ability to collaborate with security teams and business stakeholders
Good to Have
- Experience with UEBA solutions
- Knowledge of the MITRE ATT&CK framework
- Experience with automation and scripting (Python / PowerShell)