Job Accountabilities
- Perform forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measures.
- Conduct network forensics, intrusion analysis, malware analysis and reverse engineering, and threat intelligence fusion (wherever possible or required) to identify the root cause and patient zero.
- Maintain current knowledge and skills in the latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basis.
- Work with red team/ penetration testing teams to strengthen detection and response measures for advanced attacks and contribute to the knowledgebase of the Cyber Defence Center (CDC).
- Contribute to enhanced detection capabilities of the CDC using threat intelligence and drive innovation and efficiency of the Cyber Defence Center by assisting automation initiatives.
- Be responsible for the accuracy and timeliness of forensic investigations and examinations, and provide relevant reports, dashboards and metrics for periodic reviews and management presentations.
- Coordinate with stakeholders and build and maintain positive working relationships with them.
- Participate in incident bridges and crisis calls.
- Prepare incident reports for management and compliance teams.
Skills Required (Knowledge and Skills)
Technical competencies:
- Deep knowledge of OS internals (Windows, Linux) and Active Directory, including typical vulnerabilities and misconfigurations, the associated exploitation techniques, and scripting.
- In-depth practical knowledge and experience applying adversary TTPs and the MITRE ATT&CK framework to securing an enterprise environment.
- Working knowledge of at least 3 EDR and SIEM tools (commercial or open source).
- Expertise in host, network and mobile forensic tools such as Autopsy, FTK, EnCase, Oxygen Forensic, Cellebrite and Wireshark, as well as memory (RAM) and Registry analysis tools.
- Significant experience investigating complex malware incidents, data theft, data breaches and system compromise incidents, and creating detailed forensic investigation reports and presentations for a variety of stakeholders.
- Experience in rapid detection rule development in response to newly released attacks and IOCs is a plus.
- A research bent of mind and a passion for keeping up to date with the latest threat landscape and adversarial techniques.
- Cloud security (Microsoft 365, AWS, Azure, GCP).
Non-technical competencies:
- Logical thinker with attention to detail
- Strong collaborative skills and proven ability to work in a diverse team of security and IT professionals
- Process oriented
- Meticulous and methodical approach to documentation
- Good interpersonal skills to interact and gather relevant information from a variety of stakeholders such as IT, Network and Security teams
- Excellent verbal and written English
- Ability to work with calm and patience in high pressure situations in a dynamic environment
Key Attributes (Experience and Qualifications)
- BE/B.Tech/ME/M.Tech/MCA/MS from a reputed or recognized institute
- 10-12 years of overall experience, with at least 8 years of relevant experience in incident response and digital forensics.
- Excellent verbal and written communication skills and customer management skills
- Certifications such as CHFI, GCIH, GCFA or other SANS/GIAC certifications would be an advantage (desired)