Director / Associate Director – Incident Responder (Cyber Security)

Industry: Big4 Consulting & Strategy, IT Consulting
Job Category: IT/ Technical
Job Type: Full Time
Job Location: Mumbai

Cyber defense incident responder

12+ Years experience in Cyber Security


Role Summary

As an Incident Responder, you will play a critical role in investigating computer-related crimes and cyber security incidents within the organization. Your responsibilities include validating incidents, identifying root causes, and containing and eradicating threats. You should be proficient in a wide range of computer investigation and forensic tools. With a background in engineering and a minimum of 12 years of experience in incident detection, response, remediation, and forensics, you should possess certifications such as SANS-GCIH, GCFA, or an Advanced Incident Responder certification.

Job Duties

  • Provide rapid initial response to IT security threats, incidents, or cyber-attacks within the organization.
  • Support in the detection, response, mitigation, and reporting of cyber threats affecting organizational networks.
  • Maintain up-to-date knowledge of current vulnerabilities, response strategies, and mitigation techniques used in cyber security operations.
  • Analyze and report on cyber threats and assist in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions.
  • Additional duties may include providing intrusion support for high-technology investigations, including computer evidence seizure, computer forensic analysis, data recovery, and network assessments.
  • Monitor network traffic for unusual activity or unauthorized access attempts to identify indicators of compromise and intrusion traits.
  • Analyze malware, threat advisories, vendor security bulletins, and threat intelligence information to validate actionable intelligence.
  • Conduct malware reverse engineering to identify indicators of compromise.
  • Utilize tools such as Encase, FTK, and Cylance.
  • Possess knowledge of infrastructure and network architecture security.
  • Basic programming skills in languages such as Java, PHP, shell programming, and C.
  • Hold relevant certifications, including CEH, CIH, and SANS Incident Response certifications.

Requirements

  • A degree in engineering with a minimum of 10 years of incident response and forensics experience.
  • Familiarity with forensic and eDiscovery tools such as Relativity, Clearwell, NUIX, EnCase, Helix, and FTK.
  • Practical experience in computer operating systems, including MS Windows, UNIX, and Linux.
  • Strong analytical capabilities for identifying threats and vulnerabilities.
  • Understanding of defense evasion techniques, malware defense evasion, and detection.
  • Knowledge of core Windows processes.
  • Proficiency in analyzing malware persistence and detecting malicious WMI event consumers.
  • Strong problem-solving skills.
  • Effective team player capable of working collaboratively.
  • Ability to react quickly and efficiently under pressure.
  • Excellent communication skills for regular reporting to management and stakeholders.
  • Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures.
  • Technical Incident Responder Certifications, such as GCIH, GCIA, GNFA.
