Principal - Threat Engineer jobs in Chennai at Ingram Micro I Pvt Ltd

Principal - Threat Engineer

Education

UG :Any Graduate in Any Specialization

PG :Post Graduation Not Required

Experience : 3 - 8 years

Location : Chennai

Job description

Key Responsibilities

Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
Investigate incidents leveraging forensics tools including Encase, FTK, X-Ways, Axiom, SIFT, and Splunk to determine source of compromises and malicious activity that occurred.
Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
Lead the Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
Work closely with other members of the Information Security team to lead changes in the company's defense posture.
Maintaining proper chain of custody of evidence and associated documentation
Testifying in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.

Skills Experienc

3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase tool.
3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent)
Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
Experience with cloud services.
Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
Strong communication (i.e., written and verbal),presentation, teamwork skills and resourcefulness.
Deep understanding of internals and constructs of modern operating systems.
Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
Relevant security certifications (EnCE, OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).

Ingram Micro Inc. is the world's largest technology distributor and a leading technology sales, marketing and logistics company. Ranked as No.70 in the FORTUNE 500 2007 listing, with sales exceeding $31.3 billion. As a vital link in the technology value chain, Ingram Micro creates sales and profitability opportunities for vendors and resellers through unique marketing programs, outsourced logistics services, technical support, financial services and product aggregation and distribution. Since its beginnings in 1979, Ingram Micro has connected technology solution providers with vendors worldwide, identifying markets and technologies that shape the IT industry. Today, Ingram Micro remains at the forefront of the global technology marketplace, bringing the latest products and services to market and finding new ways to bring value to our customers. The company offers a broad array of solutions and services to nearly 165,000 resellers by distributing and marketing hundreds of thousands of IT products worldwide from nearly 1,400 suppliers.