EY Jobs

Job Information

EY Technology Consulting_Cyber Security_NGSO_TDR_IR(consulting)_Senior in Trivandrum, India

Requisition # TVM001II

Post Date Feb 10, 2021

Technology Consulting – Threat Detection & Response

Incident Response – IR (Senior)

Key Capabilities:

  • Excellent teamwork skills, with the passion and drive to succeed and to combat cyber threats.

  • Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.

  • Should have worked in a security operations center and gained an understanding of SIEM and other log management platforms. Experience in Splunk content development will be an added advantage.

  • Should have good hands-on experience and skills with advanced, integrated SOC technologies such as SIEM, SOAR, EPP and EDR solutions, firewalls, IDPS, web proxies, and enterprise forensics tools.

  • Should have knowledge of IDAM, AD/domain controllers, and security event logs.

  • Advanced knowledge of forensic techniques (such as memory forensics, network forensics, filesystem forensics, email forensics, malware analysis, and device forensics) across various platforms (endpoints, servers, AWS/Azure cloud) and operating systems (Windows, *nix, etc.) in support of forensic investigations and incident response.

  • Good hands-on experience in at least one scripting language (such as Python, PowerShell or Perl) to automate the analysis of logs and artifacts.

  • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.

  • Proficiency with industry-standard DFIR toolsets.

  • Knowledge of the methods used for evidence collection, maintenance of chain of custody, evidence storage and analysis, and evidentiary reporting.

  • Experience with IDA Pro, OllyDbg and other disassemblers/debuggers.

  • Good knowledge of threat modelling.

  • Knowledge of network monitoring platforms such as Fidelis XPS or others.

  • Knowledge of endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others.

Key Responsibilities:

  • Lead end-to-end incident response investigations, either on-premises or remotely, depending on client requirements.

  • Identify and investigate intrusions to determine the cause and extent of a breach, leveraging EDR solutions, network security solutions, threat intelligence sources and forensic tools.

  • Perform host and network forensics, log analysis, and malware analysis (where required) in support of incident response investigations.

  • Perform threat hunting across clients' networks for evidence of compromise.

  • Perform incident response across various cloud platforms.

  • Develop indicators of compromise by identifying attacker tools, tactics, and procedures.

  • Develop and implement remediation plans alongside incident response.

  • Provide expert opinions based on findings and analysis.

  • Deliver investigation and status reports and presentations for both technical and executive audiences.

Qualification & experience:

  • 5+ years in any combination of roles as an incident responder or forensic examiner.

  • Strong oral, written and listening skills are essential to effective consulting.

  • Strong background in network technologies. The ability to work at all layers of the OSI model, and to explain communication at any layer, is necessary.

  • Experience in static and dynamic malware analysis is good to have.

  • Expertise in a User Behavior Analytics platform or app such as Splunk User Behavior Analytics, Exabeam User Behavior Intelligence or Securonix UBA will be an added advantage.

  • Good knowledge of programming or scripting languages such as PowerShell, Bash and Python.

  • Experience with packet analysis tools: tcpdump, Ettercap, Wireshark.

  • Must hold an honours degree in a technical field such as computer science, mathematics, engineering or a similar field.

  • Minimum of 4 years working in a security operations center.

  • Having GCIH / GMON / GCIA / GCFE / GCFA / GREM / GNFA certification will be an added advantage.

  • Certification in any one SIEM solution such as IBM QRadar, Exabeam, Securonix or Splunk will be an added advantage.