Security Consultant

1. Incident Detection & Analysis

- Monitor security alerts from SIEM, IDS/IPS, and endpoint detection tools.

- Investigate security events to determine impact, scope, and root cause.

- Analyze network traffic, logs, and forensic artifacts to detect malicious activity.

- Utilize frameworks like MITRE ATT&CK, NIST 800-61, and Cyber Kill Chain for attack analysis.

2. Incident Response & Mitigation

- Respond to security incidents and perform containment, eradication, and recovery.

- Document incident response actions and maintain playbooks for future reference.

- Collaborate with IT, Security, and DevOps teams to implement security fixes.

- Conduct malware analysis and reverse engineering when required.

3. Threat Intelligence & Hunting

- Stay updated on emerging threats and vulnerabilities.

- Perform proactive threat hunting to detect potential attacks before they escalate.

- Work with Threat Intelligence teams to assess indicators of compromise (IoCs).

4. Security Automation & SOAR

- Automate security incident response tasks using SOAR platforms.

- Develop and optimize playbooks for automated threat containment.

5. Compliance & Reporting

- Ensure compliance with regulatory standards such as ISO 27001, NIST, PCI-DSS, SOC 2.

- Prepare detailed incident reports and post-incident reviews (PIRs).

- Assist in security audits and tabletop exercises for incident preparedness.

Required Qualifications & Skills

Technical Skills:

- SIEM Platforms

- Endpoint Security

- Forensics & Malware Analysis

- Threat Intelligence Tools

- Programming/Scripting: Python, PowerShell

- Cloud Security: AWS, Azure security best practices

Soft Skills:

- Strong problem-solving and analytical thinking.

- Effective communication skills for technical and non-technical audiences.

- Ability to work in high-pressure situations and make quick decisions.

- Strong collaboration skills to work with cross-functional teams.

Preferred Certifications:

- Certified Incident Handler (GCIH) GIAC

- Certified Cyber Incident Responder (ECIH) EC-Council

- Certified Information Systems Security Professional (CISSP) (Nice to have)

- Microsoft Certified: Security Operations Analyst Associate (Nice to have)

- AI/ML Knowledge (Nice to have)