Incident response engineerPosted: March 30, 2023, 9:08 a.m. - Full Time - Navi mumbai
Roles and Responsibilities: - Investigate and analyse logs and security-related events via EDR/XDR/Raw Logs Investigating using SIEM consoles. Live Disk forensics. TTP based Threat Hunting. Identify and respond to cyber threats occurring within customer environments. Communicate and document findings to various customer audiences including, technical and executive teams. Collaborate and assist with core security and threat response teams. Actively research emerging Indicators of Compromise/Attack, exploits and vulnerabilities with the intent of operationalizing findings to better protect our customers. Innovative mindset and driven to contribute to a team providing a best-in-class cybersecurity service. 2+ years of experience working in a SOC environment or computer security team in an IT environment. Experience with endpoint and network security monitoring. Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems (e.g. XP, Windows 7, 2003, 2008, OS X). Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc. Knowledge of Mitre ATT&CK framework. Knowledge of incident response procedures. Basic understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc. Basic understanding of Windows event log analysis.
A plus if you have: Experience with SQL query construction. Experience with OSQuery. Programming and scripting skills - proficient knowledge of Powershell.