Posted: 5 hours ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

  • The Carbon Black SME will be responsible for the design, deployment and management of globally deployed EDR systems
  • This role will work closely with the HO Cyber security team, Threat Intelligence team, Incident Response, and monitoring analysts to define and tune rules and device security policies to meet the project requirements

Qualifications

  • Bachelor's or Master's degree in Computer Engineering, Information Technology or Information Systems
  • Basic understanding of malware, TCP/UDP packets, and security tools such as IDS/IPS, web proxies, SIEM, DNS security, DDoS protection, firewalls
  • 3+ years of experience in deployment, management and configuration of Carbon Black EDR, preferably in a multi-geography environment.
  • 5+ years of total experience in a cyber security engineering role covering the design, implementation and operation of endpoint security solutions.
  • Relevant cyber security experience in IT Security, Incident Response or network security, with strong knowledge of working in a Security Operations Center.
  • Experience with: SIEM (QRadar, Splunk, Nitro, etc.), SOAR (Resilient, Demisto, ServiceNow, etc.), Ticketing (JIRA, ServiceNow, Remedy, etc.)
  • Knowledge of generic information security standards/programs. Understanding of basic network concepts, familiarity with TCP/IP and VLAN functionality
  • Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices preferred
  • At least one technical certification (CCNA, MCSE, RHCE, etc.)
  • At least one cyber security certification (CISSP, CISM, CEH, COBIT, CompTIA, etc.). Security+, Linux+, GREM, GCFA, GNFA, OSCP, or similar certification preferred

Skills Required

  • Demonstrated experience with scripting environments such as Bash and/or PowerShell
  • Proficiency in server and network administration (Windows and Linux)
  • Knowledge of on-prem and cloud infrastructure technologies
  • Capability to develop professional documents in the form of reports, analysis and documentation (in English)
  • Strong attention to detail, analytical mind, and outstanding problem-solving skills
  • Experience in working under pressure in a fast-paced environment.
  • Strong collaboration and communication skills required to address and resolve issues in a matrixed environment.
  • Full professional proficiency in English
  • Good experience with and exposure to advanced incident analysis
  • Experience with the common tools associated with penetration testing (Metasploit, Burp Suite, Kali, etc.)
  • Ability to effectively code in a scripting language (Python, Perl, etc.)
  • Team management and upskilling

Personal skills:

  • Good team player
  • Positive attitude and willingness to learn
  • Good verbal and written communication skills
  • Sense of ownership, prioritization and autonomy
  • Ability to travel up to 50% of the time

What we offer:

  • Working on international projects
  • Wide range of possibilities to gain both technical and soft skills as well as professional certifications

Roles and Responsibilities

  • Configuring and modifying policies in the Carbon Black EDR cloud console
  • Configure Threat Intelligence Feeds for Carbon Black
  • Configure the EPP Scan exclusion list in CB EDR
  • Verify the status of UAT servers, endpoints, etc. in the EDR console
  • Troubleshooting EDR UAT issues
  • Creating and submitting UAT reports
  • Troubleshooting EDR client deployment issues
  • Ability to fine-tune incidents to avoid false-positive alerts
  • Identify, develop and propose enhancements to existing processes and operations
  • Ability to read and understand system data including security event logs, system logs, application logs, and device logs
  • Ability to analyse incidents, independently form conclusions, and present findings and recommendations to other analysts
  • Exposure to creating SOPs for different processes and for incident investigation and analysis
  • Ability to investigate malicious activity to understand the nature of the threat
  • Ability to collaborate and interact with different teams in the SOC
  • Exposure to threat hunting activities
  • Exposure to email analysis to categorize messages as spam/scam, malicious or legitimate
  • Ability to analyze different IOCs and take actions accordingly
  • Administration and maintenance of the endpoint protection infrastructure
