Security Incident Response
About the Job
Looking for someone with strong IR and investigation skills and basic-to-mid-level knowledge of forensics.
This job role addresses the following activities:
- Cyber Security Incident Response
- Digital Forensics and Investigation
Job Accountabilities:
- Plan and oversee the daily activities of forensic analysts and incident responders
- Conduct forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measures
- Conduct network forensics, intrusion analysis, malware analysis and reverse engineering, and threat intelligence fusion (wherever possible or required) to identify the root cause / patient zero
- Build knowledge and skills within the team on the latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basis
- Work with red team / penetration testing teams to strengthen detection and response measures for advanced attacks and contribute to the knowledge base of the Cyber Defence Center
- Conduct manual investigation of cyber incidents by correlating logs and events from multiple devices, servers, etc.
- Develop standard operating procedures and playbooks for cyber incident response
- Contribute to enhanced detection capabilities of the CDC using threat intelligence, and drive innovation and efficiency of the Cyber Defence Center by leading automation initiatives
- Be responsible for the accuracy and timeliness of forensic investigations, incidents and examinations, and provide relevant reports, dashboards and metrics for periodic reviews and management presentations
- Coordinate with stakeholders and build and maintain positive working relationships with them
Skills Required (Knowledge and Skills)
Technical competencies:
- Deep knowledge of OS internals (Windows, Linux) and Active Directory, including typical vulnerabilities and misconfigurations, the associated exploitation techniques, and scripting
- In-depth practical knowledge and experience in applying TTPs and the MITRE framework to securing an enterprise environment
- Working knowledge of at least one EDR and one SIEM tool (commercial or open source)
- Expertise in server and mobile forensic tools such as Autopsy, FTK, EnCase, Oxygen, Cellebrite and Wireshark, as well as RAM analysis and registry analysis tools
- Significant experience in investigating complex, multi-location security breaches and in creating detailed forensic investigation reports and presentations for a variety of stakeholders
- Experience of rapid rule development in response to newly released attacks and IOCs is a plus
- Research bent of mind and a passion for keeping up to date with the latest threat landscape and adversarial techniques
Non-technical competencies:
- Logical thinker with attention to detail
- Strong collaborative skills and a proven ability to work in a diverse team of security and IT professionals
- Process oriented
- Meticulous and methodical approach to documentation
- Good interpersonal skills to interact with and gather relevant information from a variety of stakeholders such as IT, network and security teams
- Excellent verbal and written English
- Ability to work with calm and patience in high-pressure situations in a dynamic environment
Key Attributes (Experience and Qualifications):
- BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute
- 5-8 years of relevant experience in forensics, incident analysis and investigation
- Excellent verbal and written communication skills and customer management skills
- Certification as a CHFI, GCIH or GCFA would be an advantage (desired)
About the company
Industry: Media & Telecommunication...
Company size: 51-200 employees
Headquarters: Navi Mumbai, Maharashtra