Cyber Security Forensics SME

Job Title: Cyber Security Forensics SME Location: UniOps Bangalore ABOUT UNILEVER: Every individual here can bring their purpose to life through their work. Join us and you ll be surrounded by inspiring leaders and supportive peers. Among them, you ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we ll work to help you become a better you. ABOUT UNIOPS: RESPONSIBILITIES The person in this role is expected to generate leads for the Incident Response team (based on forensic evidence) for timely containment and response actions. It is expected that the person leads all in-house investigations and also coordinates with external investigators/specialists in major incidents. Conducts forensics analysis of cyber security incidents to deduce RCA and understand the relevant threat (for example malware behaviour and TTP through static and dynamic analysis) and potential impact. Utilizes latest and advanced knowledge of SOC Technologies and Forensic technologies (such as Memory Forensics, Network Forensics, Filesystem Forensics, Malware analysis and Reverse Engineering, Device Forensics - HDD/SSD/Smart Phone) across various platforms (end-points, servers, AWS/Azure/GCP cloud) and Operating Systems (Windows, Linux, UNIX, Mac, AIX, etc. ) for supporting Forensics investigations. Participates in scoping discussions with stakeholders for forensics capability projects and investigations to understand the requirement, identifies and communicates feasibility and approach, undertake and follow-up actions till timely delivery and successful conclusion. Ensures that all investigations are appropriately conducted and documented as per cardinal forensic principles and evidence handling (collection, analysis, sharing and preservation) is compliant to the process. Effectively and timely triage and respond to incident investigation. KEY REQUIREMENTS MANDATORY Strong ethics, communication and team skills Hands-on experience with Enterprise SIEM (like Splunk, QRadar, Sentinel, etc) and EDR tools (like Microsoft Defender, CrowdStrike Falcon, etc) Hands-on experience with Enterprise Forensics tools (like EnCase, FTK, AXIOM, etc) Hands-on experience in memory forensics, network forensics and malware analysis Minimum 10 years of enterprise experience in a global SOC (Security Operations Centre) / DFIR (Digital Forensics or Incident Response) domain. Working knowledge of at least one of the scripting tools: Python/ Perl/ PowerShell EnCase Certified Examiner (EnCE) GIAC Certification GCFE/ GCFA/ GREM/ GNFA