Principal - Threat Engineer
Education: UG: Any Graduate in Any Specialization; PG: Post Graduation Not Required
Experience: 3 - 8 years
Location: Chennai
Job description
Key Responsibilities
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
- Investigate incidents leveraging forensics tools including EnCase, FTK, X-Ways, Axiom, SIFT, and Splunk to determine the source of compromises and the malicious activity that occurred.
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Security Incident Response Team (SIRT) in responding to active and time-sensitive threats, including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- Maintain proper chain of custody of evidence and associated documentation.
- Testify in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.
Skills / Experience
- 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase tool.
- 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
- 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent).
- Advanced knowledge and understanding of various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud services.
- Strong understanding of vulnerabilities and common attack vectors, with an attacker mindset: the ability to think about creative threats and attack vectors.
- Strong communication (i.e., written and verbal), presentation, and teamwork skills, and resourcefulness.
- Deep understanding of the internals and constructs of modern operating systems.
- Experience with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, Wireshark, tcpdump, and open source forensic tools.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Relevant security certifications (EnCE, OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).