Incident Response Lead

Job Accountabilities
Perform forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measures.
Conduct network forensics, intrusion analysis, malware analysis and reverse engineering, threat intelligence fusion (wherever possible/ required) to identify the root cause / patient zero
Knowledge and skills on latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basis.
Work with red team/ penetration testing teams to strengthen detection and response measures for advanced attacks and contribute to the knowledgebase of the Cyber Defence Center (CDC).
Contribute to enhanced detection capabilities of the CDC using threat intelligence and drive innovation and efficiency of the Cyber Defence Center by assisting automation initiatives.
Be responsible for accuracy, timeliness of the forensics investigation incidents and examinations and provide relevant reports, dashboards, metrics for periodic reviews and management presentations
Co-ordinate with stakeholders, build and maintain positive working relationships with them
Participate in incident bridges and crisis calls.
Prepare incident reports for management and compliance teams

Skills Required (Knowledge and Skills) Technical competencies:
Deep knowledge of OS internals (Windows, Linux), Active Directory and typical vulnerabilities and misconfigurations and associated exploitation techniques and scripting.
In-depth practical knowledge and experience in application of TTPs, MITRE Framework in securing an enterprise environment.
Working knowledge of at-least 3 EDR and SIEM tools (commercial or open source).
Expertise in server and mobile forensic tools such as Autopsy, FTK, Encase, Oxygen, Cellebrite, Wireshark, RAM analysis, Registry analysis tools etc.
Significant experience in investigating complex malware incidents, data theft, data breach, system compromise incidents and creation of detailed forensic investigation reports and presentations for variety of stakeholders.

Experience of rapid rule development in response to newly released attacks, IOCs will be a plus.
Research bent of mind and passion for keeping up-to-date with the latest threat landscape and adversarial techniques.
Cloud security (M365, AWS, Azure, GCP).
Non-technical competencies:
Logical thinker with attention to detail Ø Strong collaborative skills and proven ability to work in a diverse team of security and IT professionals Ø Process oriented
Meticulous and methodical approach to documentation
Good interpersonal skills to interact and gather relevant information from a variety of stakeholders such as IT, Network and Security teams
Excellent verbal and written English
Ability to work with calm and patience in high pressure situations in a dynamic environment
Key Attributes (Experience and Qualifications)
BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute
Overall 10-12 years with atleast 8 years of relevant experience in Incident response and Digital Forensic.
Excellent verbal and written communication skills and customer management skills
Certification as a CHFI, GCIH or GCFA, SANS certification would be an advantage (desired)