Experience
RESPONSIBILITIES
- 812 years of experience in cybersecurity, with at least 5 years focused on incident response and security operations.
- Proven track record in handling high-severity cybersecurity incidents and coordinating across teams to achieve resolution.
- Strong knowledge of incident detection, containment, eradication, and recovery processes.
- Exposure to working in a 24x7 SOC environment and collaborating with cross-functional teams (SOC, VA, network, application, and infrastructure, etc.).
Roles and Responsibilities
- Lead and coordinate all phases of cybersecurity incident response, ensuring effective containment, eradication, and recovery.
- Collaborate closely with SOC analysts to triage alerts, escalate critical incidents, and oversee incident investigations.
- Develop, refine, and maintain incident response playbooks and procedures aligned with best practices.
- Ensure root cause analysis and post-incident reviews are conducted, with lessons learned integrated into prevention strategies and ensuring SOPs are updated.
- Coordinate with business units to ensure timely ticket closure and endpoint-level remediation.
- Prepare executive-level reports on incident trends, response effectiveness, and BU compliance.
- Support threat hunting and proactive detection efforts alongside SOC.
Behavioural Skills
- Strong leadership with the ability to remain calm under pressure and manage crisis situations.
- Excellent communication skills to interact with both technical teams and senior management.
- Analytical and detail-oriented mindset with strong problem-solving skills.
- Ability to enforce accountability while fostering collaboration across teams.
Technical Skills
- Proficiency in SIEM platforms, EDR solutions, and forensic analysis tools.
- Hands-on experience with malware analysis, log analysis, and threat hunting.
- Strong knowledge of TCP/IP, network security, and cloud security principles.
- Familiarity with security frameworks such as NIST, MITRE ATT&CK, and ISO 27001.
Non-Negotiable Skills
- Hands-on incident response experience with proven ability to handle high-severity cases.
- Strong knowledge of SIEM and EDR tools.
- Certification in incident response/forensics (e.g., GCIH, GCFA).
- On-site availability in Ahmedabad (no remote flexibility).
Qualifications
Education Qualification
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
- Advanced degree (e.g., Master's, MBA) in Cybersecurity, Information Assurance, or related field preferred.
Certification Required
- Incident handling or response-related certifications such as GCIH, GCFA, GCIA, CEH, or CISSP.
- Additional SOC/Threat Hunting certifications (SIEM, EDR tools) will be an advantage.
