3.0 - 5.0 years
4 - 6 Lacs
Noida, New Delhi, Gurugram
Work from Office
Skills: incident handling, forensic analysis, VAPT, SIEM tools, cybersecurity frameworks, log analysis, monitoring, detecting and investigating security incidents and breaches.
Certifications: CEH, CSA, CompTIA Security+, GCIH.
Posted 1 week ago
12.0 - 15.0 years
55 - 60 Lacs
Ahmedabad, Chennai, Bengaluru
Work from Office
Dear Candidate,

We are hiring a Digital Forensics Analyst to investigate cyber incidents, recover digital evidence, and support legal and compliance teams. Ideal for professionals with a strong background in cybersecurity and forensic analysis.

Key Responsibilities:
- Perform forensic imaging and analysis on digital devices
- Investigate incidents involving malware, breaches, or data leaks
- Document evidence for regulatory, legal, or HR use
- Collaborate with SOC and legal teams to support investigations

Required Skills & Qualifications:
- Experience with forensic tools (EnCase, FTK, Autopsy, X-Ways)
- Knowledge of file systems, OS internals, and memory analysis
- Understanding of chain-of-custody and evidence handling
- Bonus: GIAC (GCFA, GCFE) or related digital forensics certifications

Soft Skills:
- Strong troubleshooting and problem-solving skills
- Ability to work independently and in a team
- Excellent communication and documentation skills

Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.

Srinivasa Reddy Kandi
Delivery Manager
Integra Technologies
Posted 1 week ago
3.0 - 8.0 years
15 - 30 Lacs
Bengaluru
Work from Office
Qualifications & Experience:
- Minimum of 2 years of hands-on experience in digital forensics, cybercrime investigations, or related technical fields. Exposure across both public and private sectors is preferred.
- Proven expertise in identifying, containing, mitigating, and recovering from cybersecurity incidents, with strong post-incident reporting capabilities.
- Demonstrated ability to independently develop and continuously improve skills in Digital Forensics, DFIR methodologies, and evolving cybersecurity trends.
- In-depth knowledge of forensic best practices, industry standards, and investigative methodologies for both host-based and network-level analysis.
- Proficient in the forensic preservation of digital evidence across a variety of platforms in a forensically sound and defensible manner.
- Familiarity with internationally recognized digital evidence acquisition and handling standards (e.g., NIST, ISO 27037).
- Hands-on experience with forensic tools and techniques supporting internal investigations, such as employee misconduct or data exfiltration cases.
- Experience serving as an escalation point for suspected security incidents or intrusions, including initial triage and scoping.
- Proficient with endpoint detection and response (EDR) tools and live forensics techniques.
- Practical knowledge of forensic analysis on multiple operating systems: Windows, macOS, and Linux.
- Strong command of DFIR-related open-source tools, memory analysis, and full-disk forensics.
- Capable of leading or participating in large-scale forensic investigations both independently and as part of a team.
- Skilled in performing root cause analysis and post-incident forensic reviews for cyber events and security breaches.
- Proven ability to prepare comprehensive investigation reports, breach summaries, and documentation for privacy and data exposure incidents.
- Exceptional attention to detail and ability to maintain thorough and accurate investigative records and chain-of-custody documentation.

Preferred Certifications (one or more):
- CHFI (Computer Hacking Forensic Investigator)
- CIH (Certified Incident Handler)
- CSA (Certified SOC Analyst)
- CEH (Certified Ethical Hacker)
- GSEC (GIAC Security Essentials)
- GCIH (GIAC Certified Incident Handler)
- GCIA (GIAC Certified Intrusion Analyst)
- GCFE (GIAC Certified Forensic Examiner)
- GREM (GIAC Reverse Engineering Malware)
- GCFA (GIAC Certified Forensic Analyst)
Posted 1 week ago
10.0 - 14.0 years
27 - 30 Lacs
Gurugram
Work from Office
Top Selection & Auto Elimination Criteria:
- Rotational shift
- Only immediate joiners (0-15 days)
- Cab facility: yes, late-night pick-up or drop only (one side only, for Gurgaon employees)
- Location: Gurgaon
- Mode: 5 days work from office only (no work from home)
- Relevant experience range: 9+ years

Position: L3 SOC Analyst

Position Description: The SOC Level 3 Analyst is a senior-level cybersecurity professional responsible for leading advanced threat detection, response, and mitigation activities within the Security Operations Center. This role acts as the final escalation point for complex security incidents and plays a crucial role in enhancing security monitoring, incident response procedures, and overall threat defense capabilities. The L3 Analyst collaborates with security engineers, incident response teams, threat intelligence analysts, and IT stakeholders to identify, investigate, and remediate security threats in real time.

Role and responsibilities:

1. Incident Response and Escalation
- Lead and coordinate end-to-end response for critical and high-severity security incidents.
- Perform advanced investigation and forensics on compromised systems, including log correlation, packet analysis, and endpoint review.
- Serve as a primary escalation point for SOC Tier 1 and Tier 2 analysts.
- Conduct root cause analysis and provide detailed incident reports with lessons learned and mitigation steps.

2. Threat Detection and Analysis
- Analyze and triage alerts generated by the SIEM and other security tools.
- Hunt for threats in the environment using threat intelligence and behavioral indicators (proactive threat hunting).
- Analyze and reverse-engineer malware, if required, to understand behavior and determine mitigation steps.
- Correlate threat intelligence feeds with internal data to identify indicators of compromise (IOCs) and advanced persistent threats (APTs).

3. Tooling and Automation
- Optimize and fine-tune detection rules and SIEM use cases to reduce false positives and enhance detection accuracy.
- Build automation scripts and workflows to improve efficiency in incident triage, correlation, and response.
- Collaborate with security engineers to integrate new data sources and tools into the SOC ecosystem.

4. Documentation and Reporting
- Maintain detailed and accurate documentation of incidents, investigations, and actions taken.
- Develop and update SOC standard operating procedures (SOPs) and playbooks.
- Prepare and present technical reports, dashboards, and metrics to senior management and stakeholders.

5. Mentorship and Leadership
- Mentor and guide SOC L1 and L2 analysts on technical skills and investigative processes.
- Provide training on new threats, tools, and techniques.
- Assist in evaluating and improving team workflows, processes, and overall SOC maturity.

6. Collaboration and Stakeholder Engagement
- Work closely with threat intelligence, vulnerability management, and risk teams to stay ahead of emerging threats.
- Communicate with IT, DevOps, and business units to coordinate responses and ensure secure configurations.
- Participate in red/blue team exercises and post-mortem reviews to enhance SOC readiness.

Required Experience / Skills:
- Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm, Splunk).
- Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).
- Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools.
- Familiarity with scripting or automation languages such as Python, PowerShell, or Bash.
- Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices.
- Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.
- Minimum of nine (9) years of technical experience.
- 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 3+ years of rule development and tuning experience.
- 2+ years of incident response experience.
- Experience supporting 24x7x365 SOC operations and willingness to operate in shifts, including but not limited to: alert and notification activities (analysis/triage/response); review and action on threat intel for IOCs and other operationally impactful information; initial review and triage of reported alerts and incidents.
- Manage multiple tickets/alerts in parallel, including end-user coordination.
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malwarebytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, and BlueCoat.
- Experience and solid understanding of malware analysis.
- Demonstrated proficiency with one or more toolsets such as QRadar, MS Sentinel, Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, and Elastic Kibana.
- Experience and ability to use, contribute to, develop, and follow Standard Operating Procedures (SOPs).
- In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to endpoint security tools, SIEM, email security solutions, CISA, and threat intel sources.
- Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, and supporting SOAR development.
- Experience with Bash, Python, and Windows PowerShell scripting.
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, and SIEM/security tool alert analysis.
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources.
- Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools.
- Demonstrated proficiency with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC.
- Expert in security incident response processes.

Required Certifications: two of the following certifications are preferred:
- GIAC GCIH - GIAC Certified Incident Handler
- GIAC GCFE - GIAC Certified Forensic Examiner
- GIAC GCFA - GIAC Certified Forensic Analyst
- GIAC GREM - GIAC Reverse Engineering Malware
- GIAC GNFA - GIAC Network Forensic Analyst
- GIAC GCTI - GIAC Cyber Threat Intelligence
- GIAC GPEN - GIAC Certified Penetration Tester
- GIAC GWAPT - GIAC Certified Web Application Penetration Tester
- CEPT - Certified Expert Penetration Tester
- CASS - Certified Application Security Specialist
- CWAPT - Certified Penetration Tester
- CREA - Certified Reverse Engineering Analyst

Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- Experience of 5 years, or 3 years of relevant experience.
- Strong troubleshooting and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Strong organizational and time management skills.
- Willingness to work after hours and provide on-call support.
Posted 2 weeks ago
8 - 12 years
20 - 30 Lacs
Bengaluru
Work from Office
The role requires providing expertise and leadership for Incident Response capabilities, including a good understanding of cyber incident forensics. It requires providing both subject matter expertise and project management experience to serve as the point person for client engagements in the domain. The candidate must have efficient incident response and remediation skills to minimise the impact of cyber risks. The individual will oversee and support the security monitoring operations team, assist them during security incidents, and ensure incidents are managed and responded to effectively, including reporting to stakeholders. This role primarily consists of leading a team of incident responders, incident managers, and stakeholders (including clients, vendors, etc.) and conducting thorough response activities on behalf of a wide variety of clients across sectors. The candidate is required to work in complex security environments and alongside the SOC team to design, communicate, and execute incident response, containment, and remediation plans. The candidate is required to have hands-on experience with incident management and investigation tools and must be comfortable leading teams on challenging engagements, communicating with clients, providing hands-on assistance with incident response activities, and creating and presenting high-quality deliverables.

Responsibilities:
- Manage client engagements, with a focus on incident response and investigation.
- Provide both subject matter expertise and project management experience to serve as the point person for client engagements.
- Assist with client incident scoping calls and participate in the incident from kick-off through full containment and remediation.
- Security analytics: efficiently distill actionable information from large data sets for reporting, hunting, and anomaly detection.
- Recommend and document specific countermeasures and mitigating controls with post-incident analysis findings.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Conduct Digital Forensics and Incident Response (DFIR) analysis, network log and network PCAP analysis, malware triage, and other investigation-related activities in support of Incident Response investigations.
- Supervise Digital Forensics and Incident Response staff and assist with performance reviews and mentorship of cybersecurity professionals.
- Mature the Security Incident Response process to ensure it meets the needs of the clients.
- Interact with clients' CSIRT teams to cater to continuous and/or ad-hoc client requests for Incident Response services.
- Possess the experience, credibility, and integrity to perform as an expert witness.
- Participate in business development activities and support pre-sales teams in identifying, marketing, and developing new business opportunities.
- Assist with research and distribute cyber threat intelligence developed from Incident Response activities.
- Research, develop, and recommend infrastructure (hardware & software) needs for DFIR and evolve existing methodologies to enhance and improve our DFIR practice.

Skills required:
- 8-14 years of Information Security experience with at least 5 years of Incident Response experience.
- Solid understanding of MITRE ATT&CK, the NIST cyber incident response framework, and the Cyber Kill Chain.
- Understanding of threat hunting and threat intelligence concepts and technologies.
- Experience leveraging technical security solutions such as SIEM, IDS/IPS, EDR, vulnerability management or assessment, malware analysis, or forensics tools for incident triage and analysis.
- Deep experience with the most common OSs (Windows, macOS, Linux, Android, iOS) and their file systems (ext3/ext4, NTFS, HFS+, APFS, exFAT, etc.).
- Proficiency with industry-standard forensic toolsets (e.g., EnCase, Axiom/IEF, Cellebrite/UFED, Nuix, and FTK).
- Experience with enterprise-level cloud infrastructure such as AWS, MS Azure, G Suite, O365, etc.
- Experience with malware analysis and understanding of attack techniques.
- CISSP, ECIH v2, GCFA, GCIH, EnCE, or equivalent DFIR certification.
- Ability to work in time-sensitive and complex situations with ease and professionalism; an efficient and versatile communication style.
- Good verbal and written communication skills, excellent interpersonal skills.

Abilities:
- Strong English verbal and written communication, report writing, and presentation skills.
- Ability to multitask and prioritize work effectively.
- Responsive to challenging tasking.
- Highly motivated self-starter with attention to detail.
- Strong analytical skills and efficient problem solving.
- Capable of operating in a challenging and fast-paced environment.
Posted 2 months ago
6 - 8 years
8 - 10 Lacs
Hyderabad
Work from Office
Position Summary: Evernorth Health Services Information Protection is looking for an Associate Advisor, Incident Response (IR). The Incident Response Associate Advisor is responsible for handling and coordinating lower-severity cybersecurity incidents as part of a 24x7 operation. The IR Associate Advisor acts in a supporting role to the major incident management process in the event of High or Critical Severity cybersecurity incidents. The IR Associate Advisor also acts as a point of escalation for lower-tier analysts and provides mentorship.

Job Description & Responsibilities:
- Monitor and respond to security alerts generated by the Managed Security Service Provider (MSSP), Cigna's SIEM, and/or SOAR platforms.
- Analyze, document, and communicate security events based on priority given by the MSSP or SOC Team Lead and according to SOC protocol.
- Provide escalation support for security events from SOC Analysts.
- Participate in CSIRT functions supporting investigative requests and/or assist with the development of containment/mitigation strategies.
- Perform host- and network-based log analysis to identify potentially infected hosts and escalate to the appropriate team according to SOC protocol.
- Correlate IOCs with data from information security systems/tooling to identify attacks and/or potentially compromised systems and escalate to the appropriate team according to SOC protocol.
- Collaborate with Cigna's Threat Intelligence, Threat Hunt, and Adversary Simulation teams to refine and/or improve threat detections and/or security controls and configurations for security monitoring systems.
- Contribute to the evaluation, testing, and implementation of new detections, security tools, and processes.
- Develop and maintain documentation for all assigned responsibilities.
- Develop and report on trends and provide focus and situational awareness on all issues to SOC leadership.
- Required to perform duties outside of normal work hours based on business needs.

Experience Required:
- Overall 6-8 years of I.T. and/or information security experience.
- Minimum 1-3 years of experience detecting and responding to cyber intrusions.
- Experience leveraging the Cyber Kill Chain and the MITRE ATT&CK framework.
- Experience using IR tools such as Splunk, Tanium, Volatility, EnCase, FTK, SIFT, REMnux, etc.
- Deep understanding of the cyber threat landscape, attack surfaces, and the threats associated with each.
- Deep understanding of enterprise security controls in Active Directory/Windows and UNIX environments.
- Knowledgeable and experienced with cloud security concepts and tooling.

Experience Desired:
- Automating and/or scripting ability in one or more of the following: Python, Perl, Bash, and/or PowerShell.
- Experience de-obfuscating potentially malicious content.
- Experience doing static and dynamic malware analysis.

Education and Training Required:
- A degree (bachelor's degree preferred) from an accredited college and four years of satisfactory full-time experience required by the particular position; OR education and/or experience which is equivalent to the above.
- Relevant certifications such as Security+, CEH, CASP, or similar.

Primary Skills:
- Ability to conduct memory and disk forensics, network traffic analysis, and log correlation in support of Incident Response investigations.
- Thorough knowledge of operating systems, networking, and host analysis.
- Detailed understanding of attacker tactics, tools, and techniques.
- Strong communication skills, both written and oral.
- Strong analytical and investigative mindset.
Posted 2 months ago
6 - 9 years
25 - 27 Lacs
Gurgaon
Work from Office
SOC L3 Security Analyst

Job Summary: We are seeking an experienced SOC L3 Blue Team Analyst to join our security operations team. The ideal candidate will have a strong background in cybersecurity defense, incident detection, and response. As a senior-level analyst, the L3 SOC professional will lead the investigation of complex security incidents, perform root cause analysis, develop strategies for preventing future incidents, and provide guidance to junior team members.

Key Responsibilities:
- Lead investigations of security incidents and events escalated from Level 1 and 2 analysts.
- Conduct deep-dive analysis and forensic investigations to identify and mitigate potential security threats.
- Develop and improve detection, incident response, and investigation workflows.
- Identify attack patterns, threats, and vulnerabilities within enterprise environments.
- Provide expert guidance and mentoring to junior SOC analysts (L1/L2).
- Collaborate with IT and other teams to recommend and implement security measures.
- Develop and manage threat intelligence sources and help enhance threat detection capabilities.
- Create and update incident response plans and playbooks.
- Produce detailed reports and documentation for management and compliance purposes.
- Stay current with emerging security threats, vulnerabilities, and countermeasures.
- Work on continuous improvements to SIEM (Security Information and Event Management) configurations, threat hunting, and security monitoring practices.

Key Skills and Qualifications:

Technical Skills:
- Security Monitoring Tools: Proficient with SIEM platforms (QRadar), IDS/IPS, and endpoint detection & response (EDR) tools (e.g., CrowdStrike, SentinelOne).
- Incident Response: Strong knowledge of incident response workflows, threat analysis, and mitigation strategies.
- Forensics: Expertise in digital forensics tools (e.g., FTK, EnCase, Volatility) and techniques for analyzing malware, compromised systems, and network traffic.
- Networking & Protocols: In-depth understanding of networking protocols (TCP/IP, DNS, HTTP, etc.) and network traffic analysis.
- Scripting & Automation: Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation of security tasks and incident investigations.
- Cloud Security: Familiarity with securing cloud environments (e.g., AWS, Azure, Google Cloud) and identifying threats in cloud-based infrastructures.

Soft Skills:
- Strong analytical and problem-solving abilities.
- Excellent communication skills for reporting incidents and collaborating with teams.
- Ability to mentor and guide junior analysts in security processes and techniques.

Certifications (Highly Desired):
- Certified Information Systems Security Professional (CISSP): A globally recognized certification for senior-level security professionals.
- Certified Ethical Hacker (CEH): Demonstrates expertise in ethical hacking and penetration testing techniques.
- Certified Incident Handler (GCIH): Focused on incident handling and response methodologies.
- GIAC Security Essentials (GSEC): Validates knowledge of information security concepts.
- Certified Cloud Security Professional (CCSP): Demonstrates knowledge of cloud security principles and practices.
- CompTIA Security+: A foundational certification for understanding security best practices.
- SANS/GIAC Certifications (e.g., GIAC Certified Forensic Analyst - GCFA, GIAC Certified Intrusion Analyst - GCIA): Advanced certifications demonstrating expertise in digital forensics and intrusion analysis.

Experience:
- Minimum of 6-9 years of experience in a SOC environment, with at least 3 years in a Level 3 role.
- Proven experience handling advanced security incidents, from detection to containment and remediation.
- In-depth experience in vulnerability management, threat intelligence analysis, and mitigation strategies.

Preferred Qualifications:
- Experience with threat hunting and developing custom detection rules and use cases.
- Familiarity with modern attack techniques (e.g., APT, ransomware, insider threats).
- Knowledge of regulatory frameworks such as GDPR, HIPAA, or PCI-DSS.

Work Environment:
- This role may require on-call availability for incident response outside of normal business hours.
- Strong collaboration with IT, development, and business teams.
Posted 3 months ago