JOB TITLE: Digital Forensics and Incident Response
LOCATION: Bangalore
MAIN JOB PURPOSE
A DFIR analyst should have rich experience in responding to advanced threats in a global SOC/CIRT environment. The analyst works with the global Security Operations team to detect, analyse, contain and investigate security incidents. The candidate should possess good knowledge of the Incident Response and Digital Forensics process as well as hands-on experience with the latest SOC technology.
JOB SUMMARY
Expectations:
- Knowledge of Incident Response process and incident management phases.
- Good hands-on experience and skills with advanced and integrated SOC technologies such as SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy and Enterprise Forensics tools.
- Knowledge of IDAM, Active Directory and security event logs.
- Knowledge of on-premises as well as cloud security principles. Good hands-on experience and skills in responding to incidents on on-premises as well as cloud-hosted infrastructure.
- Advanced knowledge of Forensic technologies (such as Memory Forensics, Network Forensics, Filesystem Forensics, Malware analysis, Device Forensics - HDD/SSD/Smart Phone) across various platforms (end-points, servers, AWS/Azure cloud) and Operating Systems (Windows, Linux, UNIX, Mac, AIX, etc.) for supporting Forensics investigations.
- Good hands-on experience in any scripting language (such as Python, PowerShell, Perl, etc.) to effectively automate the analysis of various logs/artifacts.
Responsibilities:
- Digital Forensics and Incident Response, including investigating email, endpoint, server and network intrusions; remediation support; performing comprehensive computer surveillance / monitoring and log analysis.
- Define playbooks and response plans for security issues for handling incidents in a consistent manner.
- Work with Security Engineering teams to deploy monitoring and log correlation solutions that will help detect and respond to security incidents.
- Work closely with the SOC and corporate IT security teams to support and deliver Cyber Security objectives.
KEY REQUIREMENTS
Essential:
- A bachelor's degree in engineering, computer science, information security, or information systems.
- 3+ years of experience in a global SOC/CIRT role.
- Experience with searching and extracting logs from SIEM solutions (such as Splunk / QRadar).
- Working knowledge of at least one of the scripting tools: Python / Perl / PowerShell.
- Good communication and reporting skills.
Desirable:
Relevant GIAC Certification (any): GCIH / GMON / GCIA / GCFE / GCFA / GREM / GNFA.