Nomura

Sr. Support Analyst

5-8 Years
Job Description

  • 5+ years of demonstrated experience in performing technical analysis and enrichment of pertinent attacks, threats and their indicators
  • Sound knowledge of developing use cases in Elastic and EDR based on the MITRE ATT&CK framework
  • Working knowledge of Machine Learning and User Behaviour Analytics as they pertain to baselining normal activity to determine outliers and anomalous behaviours
  • Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
  • Maintain supervision over operational tasks and provide day-to-day oversight for Incident Response Analysts and Incident Leads
  • Oversee analysts in their investigation and response activities when security incidents arise to determine possible cause and resolution
  • Effectively communicate information to stakeholders of all levels
  • Demonstrated experience in network and host-based intrusion analysis, incident response processes and procedures, digital forensics and/or malware handling
  • Acting as a lead throughout incident scenarios and providing subject matter expertise in cybersecurity incident response
  • Successfully executing incident handling procedures as well as directing the response to cyber security incidents
  • Maintaining current knowledge and recognition of attacker tools, tactics, and procedures to produce indicators of compromise (IOCs) that can be utilized during active and future investigations
  • Assessing cyber threat intelligence/open source intelligence and operationalizing that information
  • Demonstrating real-world, hands-on experience dealing with sophisticated malware and dynamic cyber threat actors
  • Identifying current and emerging threats and application of such research
  • Mandatory hands-on experience with at least one of the following domains/tools: Elasticsearch (ELK), Sqrrl, CrowdStrike, FireEye Mandiant HX, SOAR, Cloud Incident Response
  • Hands-on experience with Sysinternals / Sysmon
  • Hands-on experience with any malware analysis tool such as Cuckoo, Cisco Threat Grid or ThreatConnect
  • Strong knowledge of cyber detection technologies (Advanced Threat Detection Tools, UEBA Tools, Network Packet Analysis, Endpoint Protection)
  • Should be able to investigate spam and malware samples
  • Certifications Preferred: CISSP, CCSP, GCIH, GCFA
  • Strong communication skills, ability to work comfortably with different regions
  • Actively participate within internal project community
  • Good team player, able to work on a local, regional and global basis and as part of joint cross-location initiatives
  • Self-motivated, able to work independently and as part of a team
  • Able to perform under pressure

Job ID: 110301937