Develop and sustain incident response strategy covering the complete organization from policy, procedure, and playbooks perspective. Be a point of contact in case of an incident and managing incident from detection to closure, post -incident analysis and further communication to all relevant stakeholders to prevent any further damage. Planning and executing threat hunting will be the primary focus of this role along with in-depth investigation and support to incidents escalated from SOC. Leading the technical and incident responders into cybersecurity and taking responsibility for the timely identification of threats and minimising the same. Ensuring the completion of post-incident reviews, assessing the effectiveness of controls, detection and response capability, and supporting the required improvement in people, process and technology. Experience in conducting cyber incident drills. Collaborated with internal and external stakeholders (as applicable) for incident response and investigation Deep understanding of the technologies such as Next gen AV, EDR, Vulnerability Management, HIPS, NIDS, Web proxy, DNS, DHCP, AD, Databases, Full packet capture, host based & amp; network-based forensics and encryption. Technical know-how on the organizations network, application, Data, systems and infrastructure. Be the Subject Matter Expert (SME) on incident response processes, tools and approaches to the wider team and other stakeholders. Must be able to conduct a detailed analysis of various security related events like Phishing, Malware, DoS/ DDoS, Application specific attacks, Ransomware etc. Creation of reports, dashboards, metrics related to the security incidents and presentation to Senior Management. Experience working in large scale complex environment Think about cyberattacks and propose remedial steps based on the attack pattern. Broad level of knowledge of security technologies. Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.
