Job Title:  T&T I Cyber-D&R I Consultant | Incident Response & Handling | Delhi

Your Work Profile  

·    Detect, Analyze, Investigate, and report qualified security incidents to the Client as per the defined SLA 

·      Provide recommendations for the security incidents reported as per SLA 

·      Investigate incidents using various security event sources (FW, IDS, PROXY, AD, EDR, DLP etc.). 

·      Investigate non-standard incidents and execution of standard scenarios. 

·      Provide dashboard and data related to Incidents/Offenses for governance reports. 

·      Escalate to L3 if investigations uncover unusual or atypical situations. 

·      Monitor unhealthy log source/data source and escalate to engineering team to fix them. 

·      Participate in incident response (IR) efforts; detect, identify, respond, contain and remediate all information security incidents. 

·      Rapidly and accurately determine the source of a security incident and moving quickly to identify and apply containment, mitigation, and remediation steps. 

·      Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Corporate Security organization. 

·      Track, monitor incident actions while applying intelligence, situational awareness to prioritize incident actions based on risk  

·      Responsible for Incident and Breach communications, assessments, and reports and customer facing, to include leadership and executive management for the purpose of enabling Senior      Management to make decisions in a crisis 

·      Develop and document processes to ensure consistent and scalable response operations.

·      Deliver tabletop IR assessments and real-life IR simulations at a technical and executive level. 

·      Conduct in-depth root cause analysis on complex malware and user/system behavior event 

·      Gather and analyze forensic evidence for cyber security incidents and investigations. 

·      Develop and document enhanced event analysis and incident response processes and procedures.

Key Skills required:  

·      Overall experience of at least 2 -4 years in SIEM monitoring and Cyber security Incident response and Management 

·      Hands-on experience with security tools and devices, operating systems, and/or networking devices desired. 

·      Proven skills and experience in log analysis, incident investigations  

·      Experience working across diverse teams to facilitate solutions 

·      Experience working with Security practitioners 

·      Willingness to work in a 24/7 environment in rotating shifts. 

·      Ability to work in time-sensitive and stressful situations with ease and professionalism, possess an efficient and versatile communication style 

·      Evidence handling 

·      Data acquisition (Disk, Memory, Mobile, Cloud, Enterprise Wide) 

·      Digital forensics (Windows, Mac OS, Linux/Unix) 

·      Thorough understanding of Cyber kill chain and MITRE ATT&CK framework. 

·      Experience with one or more of SIEM tools such as QRadar, Sentinel, etc... is required 

·      Experience on EDR tools for Incident response and threat hunting (Crowdstrike, MS Defender, Sentinel One) 

·      Strong knowledge and experience with commonly used forensic toolsets, including EnCase, FTK. 

·      Experience reviewing raw logs and performing advanced data correlation and analysis (i.e., firewall, network flow, IPS, endpoint protection, web application, host OS, database, AAA, etc.) 

·      Experience of network & host-based forensic analysis and techniques 

·      Experience of malware analysis and understanding attack techniques. 

·      Industry certifications such as ECIH v2, CHFI, GCIH or GCIA, along with experience will be a bonus. Experience in lieu of certification will be taken into consideration 

·      Bachelor’s/Master’s degree  

·      Certifications like ECIH v2, CHFI, GCIH or GCIA are preferred