Security Incident Response

*Looking for someone with strong IR & Investigation Skills with basic/mid level knowledge of Forensics*

This Job Role addresses the following activities:

Cyber Security Incident Response

Digital Forensics and Investigation

Job Accountabilities:

Plan and Oversee daily activities of forensic analysts and incident responders

Conduct forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measures

Conduct network forensics, intrusion analysis, malware analysis and reverse engineering, threat intelligence fusion (wherever possible/ required) to identify the root cause / patient zero

Build knowledge and skills within the team on latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basis

Work with red team/ penetration testing teams to strengthen detection and response measures for advanced attacks and contribute to the knowledgebase of the Cyber Defence Center

Able to conduct manual investigation of Cyber Incident by correlating logs, events from multiple devices, servers, etc.

Able to develop standard operating procedures, playbooks for Cyber Incident Response.

Contribute to enhanced detection capabilities of the CDC using threat intelligence and drive innovation and efficiency of the Cyber Defence Center by leading automation initiatives

Be responsible for accuracy, timeliness of the forensics investigation incidents and examinations and provide relevant reports, dashboards, metrics for periodic reviews and management presentations

Co-ordinate with stakeholders, build and maintain positive working relationships with them

Skills Required (Knowledge and Skills)

Technical competencies:

Deep knowledge of OS internals (Windows, Linux), Active Directory and typical vulnerabilities and misconfigurations and associated exploitation techniques and scripting

In-depth practical knowledge and experience in application of TTPs, MITRE Framework in securing an enterprise environment

Working knowledge of at-least 1 EDR and SIEM tools (commercial or open source)

Expertise in server and mobile forensic tools such as Autopsy, FTK, Encase, Oxygen, Cellebrite, Wireshark, RAM analysis, Registry analysis tools etc

Significant experience in investigating complex, multi-location security breaches and creation of detailed forensic investigation reports and presentations for variety of stakeholders

Experience of rapid rule development in response to newly released attacks, IOCs will be a plus

Research bent of mind and passion for keeping up-to-date with the latest threat landscape and adversarial techniques

Non-technical competencies:

Logical thinker with attention to detail

Strong collaborative skills and proven ability to work in a diverse team of security and IT professionals

Process oriented

Meticulous and methodical approach to documentation

Good interpersonal skills to interact and gather relevant information from a variety of stakeholders such as IT, Network and Security teams

Excellent verbal and written English

Ability to work with calm and patience in high pressure situations in a dynamic environment

Key Attributes (Experience and Qualifications):

BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute

5-8 years of relevant experience in Forensics, Incident Analysis and Investigation

Excellent verbal and written communication skills and customer management skills

Certification as a CHFI, GCIH or GCFA would be an advantage (desired)