OneMain Financial Jobs


Carsome Security Analyst in Mutiara Damansara, Malaysia

About

The Security Analyst II is responsible for day-to-day cybersecurity operations, including monitoring alerts, investigating incidents, validating endpoint hygiene, and ensuring timely execution of remediation plans. The role serves as a tactical executor under the direction of the Senior Manager, Cybersecurity and in coordination with the SOC and Infrastructure teams. Ideal candidates are those with solid hands-on experience in endpoint security, log triage, DLP monitoring, and vulnerability management.

Your Day-To-Day

  • Security Event Monitoring & Response:
    • Monitor alerts from EDR (CrowdStrike), DLP (Google Workspace), and other SIEM sources; investigate and escalate validated events.
    • Coordinate with the Managed SOC for Level 1/2 triage, assist in root cause validation, and track incidents to closure.
    • Participate in incident response processes, including evidence collection, analysis, and response documentation.

  • Endpoint & Device Visibility:
    • Continuously monitor CS and MEDC installation status, highlighting assets lacking endpoint visibility.
    • Conduct hygiene validation exercises against the endpoint baseline (e.g., CrowdStrike health, GWS login telemetry).
    • Work with IT Service Operations to address untagged, unmonitored, or misconfigured devices.

  • Vulnerability & Patch Coordination:
    • Review scan results (e.g., Tenable.io) for high/critical findings and follow up with Infra and IT Ops on remediation status.
    • Support prioritization of vulnerabilities based on asset classification and exposure.
    • Participate in monthly patch and remediation governance tracking.

  • DLP Operations & Enforcement:
    • Investigate DLP rule violations, verify false positives, and escalate breaches in line with the Data Classification policy.
    • Maintain documentation on DLP cases and support tuning of policies with the Cloud Security Engineering team.
    • Support Falcon Data Protection rollout testing (PoC) and the feedback loop.

  • Reporting, Compliance & Audit Support:
    • Maintain operational metrics related to endpoint coverage, DLP alerts, and vulnerability remediation.
    • Support audit activities requiring endpoint agent matching, asset traceability, and license reconciliation.
    • Assist with monthly/quarterly reporting to the Cybersecurity GRC and CTO functions for ongoing governance reviews.

Qualifications & Experience:

  • Education: Bachelor's degree in Cybersecurity, Information Technology, or a related discipline.

  • Experience: 2–4 years' experience in a SOC, IT security operations, or security analyst capacity. Proven experience handling EDR, SIEM, DLP, or VA tools in a mid-size or enterprise organization.

  • Technical Skills:
    • Familiarity with endpoint protection platforms (e.g., CrowdStrike, Carbon Black, SentinelOne).
    • Exposure to vulnerability management tools (e.g., Tenable, Qualys) and patching workflows.
    • Working knowledge of DLP controls in Google Workspace or Microsoft 365 environments.
    • Ability to interpret alerts, analyze logs, and investigate user or system behavior anomalies.

  • Certifications (Preferred):
    • CompTIA Security+, CrowdStrike Certified Falcon Administrator (CCFA), Google Workspace Security Admin, or equivalent.

  • Soft Skills:
    • Effective communication and collaboration skills for working with diverse teams and third-party vendors.
    • Adaptable to changing priorities and able to manage workload independently.

Core Competencies:

  • Operational Rigor – Structured and process-driven approach to handling incidents and tasks.

  • Analytical Thinking – Strong diagnostic skills and an investigative mindset for incident triage.

  • Communication – Able to write clear incident summaries and collaborate across teams effectively.

  • Accountability – Owns assigned alerts, tasks, and follow-ups until closure.

  • Continuous Learning – Seeks to stay updated with new threats, tools, and defensive techniques.
