Skip to main content
Posted 09 July, 2026

IT Security Analyst II

T.D. Williamson
Vadodara, GJ, IN Full Time
Reference: 215e3ca5dae512f2

Job Description

Overview \n

\n

The IT Security Analyst II serves as a core contributor within TD Williamson’s Global Cybersecurity team, responsible for security monitoring, alert triage, incident response, and detection engineering across TDW’s global enterprise and industrial environment. TDW is a manufacturer and pipeline service provider whose products and field services are deployed directly into customers’ critical infrastructure operations. This role operates within a modern security operations function with exposure to OT/ICS-adjacent environments inherent to TDW’s manufacturing and pipeline services business.

\n

Key Responsibilities

\n

Primary duties may include, but are not limited to:

Security Monitoring & Alert Triage \n
    \n
  • Perform daily triage of security alerts generated by TDW cybersecurity solutions.
  • \n
  • Investigate and disposition alerts with documented verdicts (true positive, false positive, benign true positive), rationale, and supporting evidence.
  • \n
  • Manage alert queues and cybersecurity request tasks in TDW’s ticketing system, prioritize based on risk and context, and escalate confirmed or probable incidents per established runbooks.
  • \n
  • Operate across overlapping telemetry sources and apply source-awareness when correlating events.
    \n
  • \n
\n

Incident Response

\n
    \n
  • Participate in and lead (at tier) incident response activities following the cycle: Containment → Evidence Preservation → Root Cause Analysis → Remediation → Post-Incident Review.
  • \n
  • Conduct host-based, log-based, and identity-based investigation across available security tooling and data sources.
  • \n
  • Document incident findings clearly, distinguishing confirmed findings from hypotheses, and produce post-incident summaries suitable for technical and non-technical audiences.
  • \n
  • Support escalation to senior analysts, legal counsel, or external parties when incidents may constitute reportable breaches under applicable law (GDPR, PIPEDA, DPDP Act, etc.).
    \n
  • \n
\n

Identity & Cloud Security Support

\n
    \n
  • Support investigation and response for identity-based threats including credential abuse, MFA bypass attempts, suspicious sign-in activity, and Conditional Access policy violations.
  • \n
  • Work with identity and access management telemetry to identify anomalous authentication patterns and support policy enforcement decisions.
  • \n
  • Ensure alignment with Zero Trust principles and applicable compliance requirements.
    \n
  • \n
\n

​Threat Intelligence & Vulnerability Management

\n
    \n
  • Leverage threat intelligence platforms and open-source resources to enrich investigations, contextualize IOCs, and identify emerging threats relevant to TDW’s industrial sector and technology footprint.
  • \n
  • Support vulnerability management workflows; assist in prioritization of remediation based on exploitability, asset criticality, and threat context.
  • \n
  • Defang and safely communicate IOCs (IPs, domains, hashes) per operational security standards.
    \n
  • \n
\n

Documentation, Policy & Security Awareness

\n
    \n
  • Develop and maintain SOC runbooks, triage playbooks, and exception documentation to operational standards.
  • \n
  • Contribute to the development and review of information security procedures, ensuring alignment with NIST CSF 2.0, ISO/IEC 27001:2022, and MITRE ATT&CK.
  • \n
  • Provide consultation to IT engineering and business stakeholders on security best practices relevant to their operational context.
  • \n
  • Support security awareness initiatives and participate in knowledge transfer with peers.
    \n
  • \n
\n

Experience

Required \n
    \n
  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related technical field, plus 2–5 years of hands-on experience in a security operations, detection engineering, or incident response role; or an equivalent combination of education and directly applicable experience.
  • \n
  • Demonstrated experience working within a SIEM platform (Elastic, Splunk, Microsoft Sentinel, or comparable) including alert triage, query development, and rule management.
  • \n
  • Practical experience with endpoint detection and response (EDR) platforms and log-based investigation.
  • \n
  • Experience with ServiceNow or a comparable enterprise ticketing platform for incident tracking, request management, and documentation of security events.
  • \n
  • Familiarity with firewall technologies and proficiency in analyzing network and firewall logs to support triage and documentation of security findings.
  • \n
Preferred \n
    \n
  • Experience with Elastic Security (SIEM Serverless or self-managed), including KQL/EQL query authoring and Elastic ingest pipeline configuration.
  • \n
  • Experience with Microsoft cybersecurity tooling including endpoint protection, identity, and device management platforms.
  • \n
  • Familiarity with cloud environments (Microsoft Azure preferred) and cloud-native security telemetry.
  • \n
  • Familiarity with Cisco Meraki and Palo Alto firewall platforms is preferred.
  • \n
  • Exposure to industrial or OT/ICS environments; familiarity with the Purdue Model for ICS/SCADA architecture, IEC 62443, or equivalent OT security frameworks is a plus.
  • \n
  • Familiarity with application allowlisting concepts and platforms is preferred.
  • \n
  • Awareness of GDPR, PIPEDA, or other applicable privacy regulations as they relate to security monitoring, logging scope, and incident notification obligations.
  • \n
  • Understanding that security telemetry involving EU/EEA employee data (Belgium, Germany, Norway) carries specific data handling and breach notification obligations.
  • \n
  • Industry certifications such as CISSP, CompTIA Security+, CySA+, Elastic Certified Analyst, AZ-900 or equivalent cloud infrastructure certification (Azure, AWS, or GCP), ITIL Foundation, or equivalent.
    \n
  • \n
\n

Knowledge, Skills, and Abilities

\n
\nTechnical \n
    \n
  • Working knowledge of MITRE ATT&CK framework; ability to map observed behaviors to tactics and techniques and apply that context to detection and response decisions.
  • \n
  • Proficiency in KQL or comparable query language for security investigation and detection rule development.
  • \n
  • Understanding of Windows security event logging, authentication protocols, and common attacker techniques targeting Active Directory and Entra ID (e.g., credential theft, lateral movement, persistence).
  • \n
  • Familiarity with network concepts, DNS, TLS inspection, and cloud access security broker (CASB) functions.
  • \n
  • Ability to read and interpret process telemetry, command-line arguments, and file system events for behavioral analysis.
  • \n
  • Familiarity with NIST CSF 2.0 and ISO/IEC 27001:2022 as operational frameworks.
  • \n
Operational & Analytical \n
    \n
  • Strong analytical and investigative skills; ability to synthesize evidence from multiple sources into a coherent, defensible triage verdict.
  • \n
  • Sound judgment in distinguishing true threats from false positives without over-relying on single indicators.
  • \n
  • Ability to manage competing priorities in a fast-paced, globally distributed operational environment.
  • \n
  • Attention to detail in documentation; all investigation findings, exceptions, and tuning decisions must be clearly recorded.
  • \n
Communication & Collaboration \n
    \n
  • Strong written and verbal communication skills; ability to convey technical findings clearly to both technical peers and non-technical stakeholders.
  • \n
  • Ability to work collaboratively with IT Engineering, legal, compliance, and HR functions, particularly in cross-functional incident scenarios.
  • \n
  • Comfort operating in a globally distributed team across multiple time zones.
  • \n

Sign up for Job Alerts