Cybersecurity Incident Response Specialist (Senior)

Job description

ABOUT THE JOB

• A self-starter, independent with minimal supervision and strong hands-on experience in building security monitoring and incident response capabilities, including playbook, processes, and tooling.
• Provide security monitoring and incident response expertise to businesses and collaborate with various parties in the group and business units.
• Act as a subject matter expert on activities relating to cyber-related detection and incident response.
• Lead triaging and investigations into intrusions and other cyber security breaches.
• Provide a coordinated response to complex cyber-attacks that threaten a company’s assets, intellectual property, and systems.
• Continuous development, operation, and improvement of security monitoring and incident response processes, tooling, and solutions as required.
• Research and recommend solutions for incident response and support digital forensics.
• Work with VAPT/Red team members to incorporate security vulnerabilities and attack use cases into the security monitoring and IR playbook.

ABOUT YOU

• Academic degree in Cybersecurity, Information Technology, Computer Science, or related fields
• 5+ years of in-depth, hands-on working knowledge in security operations, incident response, and security monitoring activities in a global environment
• Ability to join the dots in the identification of incidents (including triage, correlation to past or concurrent incidents/alerts) to post-incident recovery activities.
• Good understanding of tactics, techniques, and procedures that could be used in cyber kill chain for recon, persistence, lateral movement, and ex-filtration.
• Ability to develop and operationalize security monitoring capabilities, tooling, and use cases for different tech stacks (e.g., APIs, applications), including cloud and container setup.
• Good hands-on experience in digital forensics and threat hunting is a plus.
• The threat and vulnerability landscape includes malware, emerging threats, attacks, and vulnerability management.
• Good understanding of technology (e.g., cloud and containers) and Agile development concepts, networking topologies, telemetry, protocol usage, and enterprise hardware, including switches, routers, and firewalls, and their security roles.
• Ability to explain theoretical concepts to team members with varying ICS backgrounds.
• Experience with Splunk or sumo logic tools.
• Programming and scripting languages, e.g., Perl, Python, PowerShell, or shell scripting.
• Good understanding of industry trends and developments, including their impact on the business.
• Strong communication skills - oral and written.

Equal Opportunity