Job Title: T&T I Cyber-D&R I Assistant Manager I Incident Response & Handling | Bengaluru

• Job requisition ID : 105561
• Location: Bengaluru
• Entity: Deloitte Touche Tohmatsu India LLP
The team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your Work Profile:
The role requires strong skills in incident response to effectively minimize the impact of cyber risks. The individual will be responsible for overseeing security monitoring, managing security tools and operations, and ensuring security incidents are handled efficiently and reported to relevant stakeholders.
This role primarily involves acting as a first responder and conducting in-depth incident response activities on behalf of a diverse range of clients across various sectors. Candidates must be capable of operating in complex security environments and working collaboratively with the SOC team to design, communicate, and execute incident response, containment, and remediation plans. They will support incident response analysts and incident management teams, while also evaluating tools, processes, and procedures for handling cyber intrusions—continuously identifying new and improved methods for detecting and responding to adversarial threats.
• Detect, triage, investigate, and respond to security incidents across client environments in accordance with defined SLAs.
• Analyze alerts and events from a wide range of data sources: Firewalls, IDS/IPS, Proxy, AD, EDR, DLP, etc.
• Execute end-to-end incident response including detection, containment, eradication, recovery, and lessons learned.
• Conduct root cause analysis and forensic investigations on affected systems.
• Leverage tools such as EDR, SIEM, and SOAR to automate and accelerate response efforts.
• Develop, improve, and document incident response processes and playbooks.
• Deliver comprehensive incident reports to internal and external stakeholders, including executive briefings.
• Monitor log sources/data sources health and coordinate with engineering to maintain optimal visibility.
• Facilitate tabletop exercises, real-time simulations, and post-incident reviews.
• Support threat hunting initiatives by analyzing network traffic, endpoint behavior, and threat intelligence.
• Assist in malware analysis and reverse engineering efforts as needed.
• Track incident response metrics and contribute to continuous improvement of detection and response capabilities.
• Collaborate with cross-functional teams including SOC analysts, IT operations, and business stakeholders.
Key Skills required:
- Experience: 4-6 years.
- Core Incident Response Knowledge: Deep understanding of the incident response lifecycle, cyber kill chain, and MITRE ATT&CK framework.
- Operating Systems: Expertise in Windows, Active Directory, DNS, and Linux platforms.
- SIEM Platforms: Strong experience with Splunk, Sentinel, or other SIEM tools.
- SOAR Tools: Proficiency in tools like Cortex XSOAR for orchestrating response.
- EDR Technologies: Hands-on experience with tools like CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, etc.
- Log Analysis: Ability to interpret raw logs and perform correlation across diverse systems (network, endpoint, applications).
- Digital Forensics: Experience with EnCase, FTK, or other forensics toolsets; able to perform memory, disk, and network forensics.
- Malware Analysis: Strong understanding of malware behavior, obfuscation techniques, and basic reverse engineering.
- Communication: Strong verbal and written communication skills, capable of briefing technical and non-technical stakeholders.
- Process Orientation: Ability to document, optimize, and maintain response processes and runbooks.
- ITSM Tools: Familiarity with ITSM platforms (e.g., ServiceNow) for managing incidents and workflows.
- Experience delivering IR services to large enterprise or MSSP environments.
- Familiarity with cloud environments (Azure, AWS, GCP) and cloud security practices.
- Bachelor's degree in Computer Science, Cyber Security, or a related field.
- Industry Certifications (preferred): GIAC (GCIA, GCFA, GCIH), CHFI, CEH, Security+, CySA+, or equivalent.
