
Job Information
EY Technology Consulting_Cyber Security_NGSO_TDR_IR(consulting)_Senior in Trivandrum, India
Consulting
Requisition # TVM001II
Post Date Feb 10, 2021
Technology Consulting – Threat Detection & Response
Incident Response – IR (Senior)
Key Capabilities:
Excellent teamwork skills, and the passion and drive to succeed in combating cyber threats.
Willingness to learn new technologies and take on new challenges; ability to assist in developing high-quality technical content such as automation scripts/tools, reference architectures and white papers.
Prior experience working in a security operations center (SOC), with a solid understanding of SIEM and other log-management platforms; experience in Splunk content development is an added advantage.
Good hands-on experience with advanced, integrated SOC technologies such as SIEM, SOAR, EPP and EDR solutions, firewalls, IDPS, web proxies and enterprise forensics tools.
Knowledge of identity and access management (IDAM), Active Directory/domain controllers and security event logs.
Advanced knowledge of forensic disciplines (memory forensics, network forensics, filesystem forensics, email forensics, malware analysis, device forensics) across platforms (endpoints, servers, AWS/Azure cloud) and operating systems (Windows, *nix, etc.) in support of forensic investigations and incident response.
Good hands-on experience in a scripting language (Python, PowerShell, Perl, etc.) to automate the analysis of logs and artifacts.
Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
Proficiency with industry-standard DFIR toolsets.
Knowledge of methods used for evidence collection, maintenance of chain of custody, evidence storage and analysis, and evidentiary reporting.
Experience with IDA Pro, OllyDbg or other disassemblers/debuggers.
Good knowledge of threat modelling.
Knowledge of network monitoring platforms such as Fidelis XPS or others.
Knowledge of endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others.
Key Responsibilities:
Lead end-to-end incident response investigations, either on premises or remotely, depending on customer requirements.
Identify and investigate intrusions to determine the cause and extent of a breach, leveraging EDR solutions, network security solutions, threat intelligence sources and forensic tools.
Perform host and network forensics, log analysis and, where required, malware analysis in support of incident response investigations.
Perform threat hunting across clients' networks for evidence of compromise.
Perform incident response within various cloud platforms.
Develop indicators of compromise by identifying attacker tools, tactics and procedures.
Develop and implement remediation plans alongside incident response.
Provide expert opinions based on findings and analysis.
Deliver investigation and status reports and presentations for both technical and executive audiences.
Qualifications & experience:
5+ years in any combination of roles as an Incident Responder or Forensic Examiner
Strong oral, written and listening skills are essential to effective consulting.
Strong background in network technologies; ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
Experience in static and dynamic malware analysis is desirable.
Expertise in a User Behavior Analytics platform or application such as Splunk User Behavior Analytics, Exabeam User Behavior Intelligence or Securonix UBA is an added advantage.
Good knowledge of programming or scripting languages such as PowerShell, Bash and Python.
Experience with packet analysis tools such as tcpdump, Ettercap and Wireshark.
An honours degree in a technical field such as computer science, mathematics, engineering or a similar field is required.
A minimum of 4 years of working in a security operations center.
Holding a GCIH, GMON, GCIA, GCFE, GCFA, GREM or GNFA certification is an added advantage.
Certification in a SIEM solution such as IBM QRadar, Exabeam, Securonix or Splunk is an added advantage.