EY Jobs

Technology ConsultingCyber SecurityNGSOTDRIR(consulting)_Senior

Consulting

Requisition # TVM001II

Post Date Feb 10, 2021

Technology Consulting – Threat Detection & Response

Incident Response – IR (Senior)

KEY Capabilities:

• Excellent teamwork skills, passion and drive to succeed and combat Cyber threats

• Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.

• Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage

• Should have good hands-on experience and skills on advanced and integrated SOC Technology like SIEM, SOAR, EPP, EDR solutions, Firewalls, IDPS, Web Proxy, Enterprise Forensics tools.

• Should have knowledge of IDAM, AD/Domain Controllers, Security event logs.

• Advanced knowledge of Forensic technologies (such as Memory Forensics, Network Forensics, Filesystem Forensics, Email Forensics, Malware analysis, Device Forensics) across various platforms (end-points, servers, AWS/Azure cloud) and Operating Systems (Windows, *nix, etc.) for supporting Forensics investigations and Incident Response

• Good hands-on experience in any scripting language (like Python, PowerShell, Perl, etc) to effectively automate the analysis of various logs/artifacts.

• Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.

• Proficiency with industry-standard DFIR toolsets,

• Knowledge of methods utilized for evidence collection, maintenance of chain of custody, evidence storage and analysis, and evidentiary reporting

• Experience with IDA Pro, OllyDbg, other disassemblers/ debuggers

• Good knowledge in threat modelling.

• Knowledge in Network monitoring technology platforms such as Fidelis XPS or others

• Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others

Key Responsibilities:

• Must to Lead end-to-end incident response investigations, either on premises or remote, depending on customer requirements

• Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions, Network security solutions, threat intelligence sources and Forensic tools

• Perform host and network forensics, log analysis, and malware analysis (if required) in support of incident response investigations

• Perform threat hunting across client’s networks hunting for evidence of a compromise

• Perform incident response within various Cloud platforms

• Develop indicators of compromise by Identifying attacker tools, tactics, and procedures

• Develop and implement remediation plans along with incident response

• Provide expert opinions based on findings and analysis

• Share investigation/status reports and presentations for both technical and executive audiences

Qualification & experience:

• 5+ years in any combination of roles as an Incident Responder or Forensic Examiner

• Strong oral, written and listening skills are an essential component to effective consulting.

• Strong background in network technologies. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.

• Good to have experience in Static and dynamic malware analysis

• Expertise in any User Behavior Analytics platform or App such as Splunk User Behavior Analytics/Exabeam User Behavior Intelligence /Securonix UBA will be an added advantage

• Good knowledge in programming or Scripting languages PowerShell, Bash & Python

• Experience with Packet Analysis tools: TCP Dump, Ettercap, Wireshark

• Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field

• Minimum 4 years of working in a security operations center

• Having GCIH / GMON / GCIA / GCFE / GCFA / GREM / GNFA certification will be an added advantage.

• Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage