Incident Response Analyst

Incident Response Analyst

Bengaluru, India

Position Summary:
Under general supervision, the Incident Response analyst will work in the Cyber Threat Action Center (CTAC) and work directly with Cyber Threat Intelligence, Attack Surface Management, and other IT teams to investigate and validate escalated security events and perform incident response activities using established processes and procedures.
Job Responsibilities:

• Provide analysis and trending of security log data from enterprise security devices & systems
• Provide Incident Response (IR) support when analysis confirms security incident to help contain and eradicate threats.
• Perform incident triage, incident response, and forensic investigations across endpoints and cloud environments
• Conduct technical examinations of computer-based evidence include logs, packet captures, SIEM & IDS events, disk forensics, malware analysis, and more
• Document incidents from initial detection through final resolution, and present the findings
• Assist with threat and vulnerability analysis, monitoring, and mitigation
• Investigation, document, and report on information security issues
• Coordinating with Cyber Intel analysts on open and closed source activities impacting Company
• Integrate and share information with other analysts and other teams
• Work with SIEM administrators to build detections to help proactively identify real world threats across a broad range of technologies and log sources
• Assist with creation and maintenance of standard processes and operating procedures and incident response playbooks
• Ability to work in a hybrid managing services environment utilization various partners
• Ability to lift 50 lbs. and detect color coded events

Job Requirements:

• 3+ years experience in cyber incident response, or equivalent work experience.
• Strong knowledge of IT, computer science concepts.
• Bachelors degree in IT related major, Information Security Major, or equivalent work experience.
• Experience using Windows and Linux to perform tasks and some administration capability.
• Experience using IDS/IPS, WAF, and SIEM.
• Ability to prioritize work using the guidance of leadership.
• Proven experience in disk forensics, static and dynamic malware analysis, packet analysis.
• Proven experience in technical and non-technical techniques used by cyber adversaries to attack and achieve their cyber goals.
• Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce
• Expected to work occasional nights, weekends, holidays, and overtime.
• Expected to perform on-call duties.
• Occasional travel may be required.
• Strong sense of professionalism and ethics.

Desired Skills:

• CISSP, SANS certifications, or security related CompTIA certifications, or other industry certificationsa plus.
• Experience with incident response in SCADA, DCS, or PLC environments is a plus
• Experience with incident response in SAP is a plus