Job Description
Dreaming big is in our DNA. It’s who we are as a company. It’s our culture. It’s our heritage. And more than ever, it’s our future. A future where we’re always looking forward. Always serving up new ways to meet life’s moments. A future where we keep dreaming bigger. We look for people with passion, talent, and curiosity, and provide them with the teammates, resources and opportunities to unleash their full potential. The power we create together – when we combine your strengths with ours – is unstoppable. Are you ready to join a team that dreams as big as you do?
AB InBev GCC was incorporated in 2014 as a strategic partner for Anheuser-Busch InBev. The center leverages the power of data and analytics to drive growth for critical business functions such as operations, finance, people, and technology. The teams are transforming Operations through Tech and Analytics.
Do You Dream Big?
We Need You.
Job Title: Senior Specialist – Cyber Security Operations
Location: Bangalore (Onsite)
Reporting to: Senior Manager - Global SOC & NOC
PURPOSE OF ROLE
Do you want to join the world's largest brewer? We at AB-InBev have a fantastic opportunity for you to develop and lead a team performing Adversary Emulation, and to join a growing team of top professionals who invest time and effort in protecting AB-InBev from sophisticated threats. We're constantly improving, advancing, and adopting new trends, new skills, and new expertise, giving our employees endless opportunities for professional development. As part of the team, you'll be expected to build a team performing Adversary Emulation, bringing deep knowledge of security processes and procedures, best practices, and offensive tactics to perform in-depth, advanced log, system, and process analytics that pursue and prove or disprove hypotheses relating to malicious activity. The role supports and brings additional value to the Security Operations Center and incident response capability by highlighting suspicious correlations between incidents or events, and by running Purple Team and Tabletop Exercises that may lead to or reveal advanced threats, thereby enhancing our network's resilience against advanced persistent threats (APTs). Your role also extends support to our monitoring team, providing 24*7 support in Cyber Security Operations.
KEY TASKS AND ACCOUNTABILITIES
- Operate as part of a team of cyber security incident responders monitoring, responding to, and processing responses for security alerts triggered by SOC tools deployed across on-premises and cloud environments (EDR, XDR, IDS/IPS, web proxy, SIEM, phishing analysis, etc.) and by cloud security platforms such as MS Defender for Cloud, AWS GuardDuty, and Orca Security.
- Define and execute purple team sprints that materially and demonstrably improve the organization's ability to prevent and detect modern attacks.
- Through the delivery of purple team sprints, identify opportunities to reduce attack surface using preventative controls.
- Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly those that pertain to prevention and detection.
- Proactively and iteratively hunt across large data sets to isolate and remediate threats associated with advanced threat actors, including threats that evade automated security solutions, in both on-premises and cloud environments.
- Deploy the testing methodology, collect data, report findings to stakeholders and senior leadership, and make recommendations for security improvements.
- Collaborate with threat intelligence team to identify leads for threat hunting activities.
- Use case management: conduct regular reviews of existing use cases, and enhance and optimize detection logic to produce the most effective detections with few or no false positives.
- Serve as an escalation point for SOC analysts during critical incidents: perform in-depth analysis, triage threat activity based on host activity and network traffic to identify infection vectors and the extent of the infection, and prepare high-quality reports based on findings.
QUALIFICATIONS, EXPERIENCE, SKILLS
Education:
- Bachelor's degree, preferably in Computer Science or Information Systems, and/or equivalent formal training or work experience.
Experience:
- 6-8 years of experience in a technical role in threat hunting, incident response, security operations, and penetration testing.
Technical/Functional Skills:
- Flexibility to work in a 24*7 support environment.
- Effective interpersonal, team building and communication skills.
- Good oral and written communication skills.
- Ability to communicate complex technology to a non-technical audience in a simple and precise manner.
- Ownership skills.
- Effectively collaborates and communicates with the stakeholders and ensures client satisfaction.
- Ability to learn quickly while working outside one's area of expertise.
- Familiarity with offensive strategies and assessment methodology.
- Ability to effectively work in a global team across a complex, geographically dispersed organization.
- Good understanding of common threat analysis models such as the Cyber Kill Chain and MITRE ATT&CK.
Mandatory Skills:
- Knowledge of IDS/IPS/HIDS/HIPS/EDR/AV evasion techniques – Advanced
- Practical experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity – Intermediate
- Deep understanding of modern attacker tools, techniques, and procedures – Advanced
- Strong ability to use data to tell a story – Advanced
- Skilled working with extremely large data sets and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing – Advanced
- Excellent understanding of enterprise security logging standards – Advanced
- Knowledge of operating system internals (Windows & Linux/UNIX) – Advanced
- Experience in handling advanced persistent threats and human adversary compromises – Advanced
- Understanding of latest cloud-based techniques used by attackers for persistence, privilege escalation, defence evasion and lateral movement in platforms such as Azure AD & Office 365 – Advanced
Preferred (Good to have) Skills:
- Ability to read and understand code in C, C++, C#, Objective-C, PHP, Java, Python, Ruby, etc. – Intermediate
- Security certifications such as SANS blue team operations certifications, OSCP, or equivalent.
And above all of this, an undying love for beer!
We dream big to create a future with more cheers.