SOC Incident Responder (Lead/ Sr. Lead)

0 years

0 Lacs

Posted: 19 hours ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Job Summary:


The SOC Incident Responder is responsible for performing in-depth and advanced analysis of incidents escalated by the Detection team, ensuring adequate containment, remediation, and eradication to effectively close the incident. They continuously focus on refining incident response plans and improving security measures based on lessons learned from past incidents.



  • Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation.
  • Perform in-depth analysis and investigative efforts when events are escalated and determine next appropriate containment/remediation/eradication efforts.
  • Assist with defining and updating incident response playbooks to ensure tasks align with best practice.
  • Identify and propose areas for improvement within the Security Operations Centre.
  • Responsible for driving execution of daily, weekly, and monthly metrics for statistical threats and KPIs.
  • Coordinate with global stakeholders and senior management during contingency scenarios / high-severity incidents to ensure response actions are communicated in a timely manner.
  • Research and evaluate new technologies such as anti-APT solutions, SOAR, deception technologies and big data forensic analytics tools, and assist in their implementation.


Profile Description:

  • Should have subject matter expertise in relevant areas, such as incident response, forensic analysis, malware analysis, intrusion analysis and crisis management.
  • Strong working knowledge of security tools, such as SIEM, AV, vulnerability scanners, proxies, WAF, NetFlow, IDS and forensic tools.
  • In-depth knowledge of malware families and network attack vectors.
  • Demonstrated experience with endpoint telemetry, malware analysis tools, exploit kits and SIEM platforms.
  • Demonstrated experience in an enterprise-level incident response team or security operations center.
  • Log analysis skills (network, security, access, OS, application, etc.) and experience in identifying and investigating security incidents.
  • Strong knowledge of operating system internals (Linux, Windows, etc.).
  • Should be familiar with security engineering practices, web/application security and cloud security.
  • Should have scripting knowledge (PowerShell, Python, VBScript, etc.).
  • Sound analytical and problem-solving skills.
  • Preferably a GIAC, CISSP or CEH certified professional.
  • Experience with product suites such as McAfee, FireEye, CrowdStrike, Cylance, etc.


Mindsprint

Educational Technology

Education City