Lead Incident Response Analyst [T500-22568]

About ADM:

We are one of the world’s largest nutrition companies and a global leader in human and animal nutrition. We unlock the power of nature to provide nourishing quality of life by transforming crops into ingredients and solutions for foods, beverages, supplements, livestock, aquaculture, and pets.

About ADM India Hub:

At ADM, we have long recognized the strength and potential of India’s talent pool, which is why we have maintained a presence in the country for more than 25 years. Building on this foundation, we have now established ADM India Hub, our first GCC in India.

At ADM India Hub, we are hiring for IT and finance roles across diverse technology and business functions. We stand at the intersection of global expertise and local excellence, enabling us to drive innovation and support our larger purpose of unlocking the power of nature to enrich quality of life.

Lead Incident Response Analyst

Bengaluru, India

Position Summary:

Under managerial guidance, the Lead Incident Response analyst will lead daily work activities of the Cyber Incident Response team. They will report to the Manager of the Cyber Threat action Center. In addition they will partner with peers and other managers in Cyber Threat Intelligence, Attack Surface Management, Security Operations Center, and other IT teams to lead the investigation and validation of escalated security events and lead the performance of incident response activities using established processes and procedures.

A deep understanding of cyber-attacks, cyber threat actors, preventative and detection measures is required for this role. The role also mentors the other members of the Incident Response team on various aspects of cyber-attacks, threat actors methods, and detection and response activities. This role is a key advisor on cyber-attacks Manager of the Cyber Threat Action Center and the Director of Cyber Defense Operations and other IT leaders.

Job Responsibilities:

• Applies comprehensive knowledge and a thorough understanding of Incident Response concepts, principles, and technical capabilities
• Leads the daily work activities of the Incident Response team
• Collaborating with peers across Information Security to ensure effective, precise, and rapid response
• Ensures the team is focused on their immediate daily priorities and are acting according to the established policies and procedures.
• Leads technical interactions with IT Partner(s) services and outcomes related to cyber security services, i.e. advises the appropriate technical response to security alerts. Notifies managers if the vendor’s technical performance is not performed to standard.
• Point of technical escalation from within the Incident Response team to drive all cyber incidents managed by the team partner closely with GICS leadership.
• Staying up to date with new security capabilities and providing recommendations best suited and prioritized for appropriate cyber response.
• Influencing tactical direction of the Information Security program.
• Perform and provide oversight of analysis and trending of security log data from enterprise security devices & systems
• Provide Incident Response (IR) support when analysis suspects security incident to help contain and eradicate threats.
• Perform incident triage, incident response, and forensic investigations across endpoints and cloud environments
• Conduct technical examinations of computer-based evidence include logs, packet captures, SIEM & IDS events, disk forensics, malware analysis, and more
• Document incidents from initial detection through final resolution and present the findings to GICS leadership.
• Investigation, document, and report on cyber security issues
• Integrate and share information with other analysts and other teams
• Work with SIEM administrators and security tool SMEs to build detections to help proactively identify real world threats across a broad range of technologies and log sources
• Creating and continuous improvement of standard processes and operating procedures and incident response playbooks
• Ability to work in a hybrid managing services environment utilizing various partners

Required Skills:

• Excellent verbal and written communication skills, including ability to effectively communicate with internal and external customers
• Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce
• Ability to work independently and prioritize work using the guidance of leadership.
• Strong knowledge of IT, computer science concepts
• 5+ years’ experience in cyber incident response, or similar cyber field, including experience with security principles, and defense-in-depth techniques.
• Bachelors’ degree in IT related major, Information Security Major, or equivalent work experience.
• Possess functional knowledge and administrative experience on Windows and Unix/Linux Platforms.
• Proficiency and understanding of SIEM, Endpoint Detection and Response, Identity, Cloud, and Network technologies
• Proven experience in disk forensics, static and dynamic malware analysis, packet analysis.
• Proven experience in technical and non-technical techniques used by cyber adversaries to attack and achieve their cyber goals.
• Strong sense of professionalism and ethics.
• Expected to work occasional nights, weekends, holidays, and overtime.
• Expected to perform on-call duties

Desired Skills:

• CISSP, SANS certifications, or security related CompTIA certifications, or other industry certifications a plus
• Experience with incident response in SCADA, DCS, or PLC environments is a plus
• Experience with incident response in SAP is a plus
• Experience with Microsoft Defender Suite is a plus

Leadership Traits:

• WE are owners
• WE help each other thrive
• WE continuously learn
• WE create the environment for diversity, equity and inclusion to strengthen us.

Education Requirements:

• Bachelor’s Degree in related Cyber studies or 5+ years of equivalent experience.

Required Experience:

Insert required experience for the position using bullets, no periods. Use this section to indicate the previous experience a candidate must have had:

• Prior experience as a senior contributor leading team efforts preferred
• Experience in Security Operations in medium to large enterprise
• Knowledge and execution of cyber incident response
• Experience and understanding of best-in-class Security Operations Center (SOC) operates

Desired Experience:

• Experience in leading teams as individual contributor/lead capacity
• Demonstrated Information Security understanding and specifically industry best practices for Incident Response
• One or more Information Security Certifications preferred, but not required: CISSP or CISM
• Bachelor’s degree in related field, or equivalent work experience.