Job
Description
Roles & Responsibilities: Detect, Analyze, Investigate, and report qualified security incidents to the Client as per the defined SLA. Provide recommendations to the security incidents reported as per SLA. Investigations into non-standard incidents and execution of standard scenarios. Provide dashboard and data related to Incidents/Offenses for governance reports. Escalates to L3 if investigations uncover unusual or atypical situations. Monitoring unhealthy log source/data source and escalate to engineering team to fix them. Participate in incident response (IR) efforts; detect, identify, respond, contain and remediate all information security incidents. Rapidly and accurately determine the source of a security incident and moving quickly to identify and apply containment, mitigation, and remediation steps. Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Corporate Security organization. Track, monitor incident actions while applying intelligence, situational awareness to prioritise incident actions based on risk. Responsible for Incident and Breach communications, assessments, and reports and customer facing, to include leadership and executive management for the purpose of enabling Senior Management to make decisions in a crisis. Develop and document processes to ensure consistent and scalable response operations. Deliver tabletop IR assessments and real-life IR simulations at a technical and executive level. Conduct in-depth root cause analysis on complex malware and user/system behaviour event. Gather and analyse forensic evidence for cyber security incidents and investigations. Develop and document enhanced event analysis and incident response processes and procedures. Experience Requirement: 4-8 years of experience in cyber security operations, incident response, or related areas. Hands-on experience with security event sources such as FW, IDS, Proxy, AD, EDR, DLP, etc. Experience working with cross-functional teams during security incident investigations. Exposure to risk-based prioritization, reporting, and governance dashboards. Practical knowledge of IR playbooks and forensic investigation techniques.
