Expoint – all jobs in one place
Finding the best job has never been easier

Cyber Incident Response Recovery Investigator jobs at SAP in India, Bengaluru

Discover your perfect match with Expoint. Search for job opportunities as a Cyber Incident Response Recovery Investigator in India, Bengaluru and join the network of leading companies in the high tech industry, like SAP. Sign up now and find your dream job with Expoint.
5 jobs found
04.09.2025
SAP

SAP Cyber Defense Expert - Threat Detection & India, Karnataka, Bengaluru

Limitless High-tech career opportunities - Expoint
Continuous security monitoring within the Delos Cloud platform. Triage and assessments of security alerts. Initiation and execution of incident response measures. Depending on your personal experiences and preferences, you will also...
Description:

About Delos Cloud:

Delos Cloud, a start-up founded by SAP, strives to deliver a sovereign cloud platform for the digital transformation of the German public sector. The platform is an essential component for the implementation of the German Administrative Cloud Strategy (DVS) in compliance with all relevant data protection, IT security, and secrecy requirements of the BSI. Delos Cloud is a trusted partner of the federal, state, and local IT service providers and complements their service portfolio. Therefore, you will find exciting and varied tasks in an innovative and meaningful environment. For more information, please visit: www.deloscloud.de

As a Cyber Defense Expert (f/m/d), you will be part of the Delos Cloud SOC with possible office locations in Walldorf, Eschborn (Frankfurt), Leipzig or Rheda-Wiedenbrück.

Security is a fundamental pillar of our company brand and not just another cost center. With your experience, you will protect Germany’s only sovereign Azure Cloud and make a valuable contribution to the digitalization of our country.


You will focus on the following activities:

• Continuous security monitoring within the Delos Cloud platform
• Triage and assessments of security alerts
• Initiation and execution of incident response measures

Depending on your personal experiences and preferences, you will also support in the following:

• Digital Forensics and Malware Analysis
• Proactive searches for security threats within the Delos Cloud platform
• Further development and continuous improvement of our detection logic
• Proven track record within the SOC area, ideally at detecting and responding to cyber security incidents

• 6+ years of related professional experience
• Advanced experience in Security Monitoring & Triage
• Foundational knowledge in, extensive knowledge in at least, as well as experience and interest to be primarily responsible for advancing at least of the following areas:
- Incident Response
- Digital Forensics
- Threat Hunting
- Detection Engineering
- Malware Analysis
• Willingness to work in a 24/7 environment with on-call duties

• Fluency in German and English language - verbal and written


04.09.2025
SAP

SAP Cyber Defense Specialist India, Karnataka, Bengaluru

Monitoring and analyzing alerts from a wide array of security devices and systems. Responding promptly to incidents, analyzing them, and providing real-time response. Creating, maintaining, and applying incident response playbooks...
Description:

What you'll do


Our Global Cyber Security Incident Response and Recovery Analysts are our first line of response for security events and incidents with a global scope. They are responsible for triaging security alerts detected by Enterprise Detection and SIEM and for analyzing available data to determine scope, severity, and priority in order to decide on follow-on actions, which could include escalation to an IR Investigator. In escalation cases, they then work in a supportive capacity to further validate whether a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, supporting forensic investigations to determine the details around an attack, and providing guidance on remediation actions.

In this role, you will

  • Monitor and analyze alerts from a wide array of security devices and systems
  • Respond promptly to incidents, analyze them, and provide real-time response
  • Create, maintain, and apply incident response playbooks to manage and resolve security incidents effectively
  • Contribute to developing root cause analysis with detailed documentation of findings.
  • Good hands-on experience with SIEM, IDS, DNS, EDR solutions.
  • Contribute to the development of attack remediation and response strategies.
  • Coordinate escalation handling and communication across teams.
  • Good experience in reading logs from various data sources, including network- and host-based intrusion detection.
  • Collaborate with Detection and SIEM teams to enhance detection logic and alert accuracy.
  • Assist in maintaining and improving incident handling documentation - such as playbooks, runbooks, and Standard Operating Procedures.
  • We value hands-on practitioners; our environment includes sandboxing, red vs. blue testing, or adversary emulation frameworks (e.g., MITRE ATT&CK, CALDERA, Atomic Red Team) and opportunities to build tooling or simulate attack chains.
  • Understanding of cloud logs and telemetry for signs of compromise
  • Experience with computer forensics and malware analysis


Preferred Technical Skills and Experience


  • 4 to 6+ years in a cyber incident investigation role or equivalent combination of education, certifications, and relevant training.
  • Certifications - Industry-recognized certifications such as Security+, GCIA, GCIH, CISSP (or equivalent).
  • Good understanding of Advanced Persistent Threat (APT) actors, their tools, techniques, and procedures (TTPs), as well as threat modelling frameworks.
  • Proficiency in TCP/IP communications and knowledge of core network protocols and applications such as DNS, HTTP, SMB, etc.
  • Security Infrastructure Tools: (SIEM, IDS, EDR, DNS, other Deception technologies)
  • Proficiency in scripting languages such as PowerShell, Python, or Bash will be an added advantage.
  • Strong problem-solving skills and ability to work under pressure.


Successful candidates might be required to undergo a background verification with an external vendor.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our

Please note that any violation of these guidelines may result in disqualification from the hiring process.


Job Segment: ERP, Cloud, Testing, Compliance, Cyber Security, Technology, Legal, Security


07.05.2025
SAP

SAP Cyber Incident Response Recovery Investigator India, Karnataka, Bengaluru

8 to 14 years’ experience in a similar incident Investigator role or equivalent combination of education, certifications, and training. Security certification (e.g. Security+, GCIA, GCIH, GCFA, GCFE, GREM, CISSP). Knowledge...
Description:

Our Global Cyber Security Incident Response and Recovery Investigators are our first line of response for security events and incidents with a global scope. They are responsible for triaging security alerts detected by Enterprise Detection and SIEM and for analyzing available data to determine scope, severity, and priority in order to decide on follow-on actions, which could include escalation to an IR Investigator. In escalation cases, they then work in a supportive capacity to further validate whether a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, supporting forensic investigations to determine the details around an attack, and providing guidance on remediation actions.

In this role, you will not only conduct an initial assessment of the event, but also help scope and determine root cause analysis, support development of attack remediation strategies, and coordinate the communication and handling of escalations of security activities. This role also triages operational response processes like those intervening in phishing campaigns. You will also assist in the review and updating of incident handling processes, standard operating procedures, playbooks and runbooks.

You will work with Detection and SIEM teams to make improvements to detection and alerting mechanisms and support forensic investigations to determine incident details and provide supporting evidence.

What you bring

You typically will have most of the following technical skills and experience:

  • 8 to 14 years’ experience in a similar incident Investigator role or equivalent combination of education, certifications, and training.
  • Security certification (e.g. Security+, GCIA, GCIH, GCFA, GCFE, GREM, CISSP)
  • Knowledge of APT actors; their tools, techniques, and procedures (TTPs)
  • Knowledge of TTP methods and frameworks
  • Knowledge of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB

Solid knowledge of one or more:

    • Windows/AD file system, registry functions and memory artifacts
    • Unix/Linux file systems and memory artifacts
    • Mac file systems and memory artifacts
    • Database, web application, Cloud Security, or mobile device cyber incident response principles and techniques
    • Experience with Encase, FTK, Autopsy, & other Cloud Forensics tools
    • Participation in CTF (Capture the Flag), Hack the Box, etc.
    • SIEM (Splunk, RSA, QRadar …)
    • Security tools: IPS, Web proxy, Email proxy, DNS, Deception, EDR, etc.
    • Experience with one or more scripting languages (PowerShell, Python, Bash, Cyber Security Automation, etc.)
    • Experience with integration of threat hunting and cyber threat intelligence into the incident response process
    • Experience with information security compliance audit frameworks and requirements e.g. ISO, FISMA, FedRAMP, SOC, SOX, PCI, GDPR and Data Privacy



17.04.2025
SAP

SAP Cyber Defense Expert - Threat Detection & Response f/m/d Del... India, Karnataka, Bengaluru

Continuous security monitoring within the Delos Cloud platform. Triage and assessments of security alerts. Initiation and execution of incident response measures. Depending on your personal experiences and preferences, you will also...
Description:

About Delos Cloud:

Delos Cloud, a start-up founded by SAP, strives to deliver a sovereign cloud platform for the digital transformation of the German public sector. The platform is an essential component for the implementation of the German Administrative Cloud Strategy (DVS) in compliance with all relevant data protection, IT security, and secrecy requirements of the BSI. Delos Cloud is a trusted partner of the federal, state, and local IT service providers and complements their service portfolio. Therefore, you will find exciting and varied tasks in an innovative and meaningful environment. For more information, please visit: www.deloscloud.de



As a Cyber Defense Expert (f/m/d), you will be part of the Delos Cloud SOC.

Security is a fundamental pillar of our company brand and not just another cost center. With your experience, you will protect Germany’s only sovereign Azure Cloud and make a valuable contribution to the digitalization of our country.


You will focus on the following activities:

• Continuous security monitoring within the Delos Cloud platform
• Triage and assessments of security alerts
• Initiation and execution of incident response measures

Depending on your personal experiences and preferences, you will also support in the following:

• Digital Forensics and Malware Analysis
• Proactive searches for security threats within the Delos Cloud platform
• Further development and continuous improvement of our detection logic
• Proven track record within the SOC area, ideally at detecting and responding to cyber security incidents
• 6+ years of related professional experience
• Advanced experience in Security Monitoring & Triage
• Foundational knowledge in, extensive knowledge in at least, as well as experience and interest to be primarily responsible for advancing at least of the following areas:
- Incident Response
- Digital Forensics
- Threat Hunting
- Detection Engineering
- Malware Analysis
• Willingness to work in a 24/7 environment with on-call duties
• Fluency in German and English language - verbal and written



28.03.2025
SAP

SAP Cyber Security Incident Response Manager f/m/d India, Karnataka, Bengaluru

Performs incident response management duties as part of the Global SGSC Incident Response team. Provide timely and relevant updates to SAP leadership and internal stakeholders. Manages the process of determining...
Description:


What you will do

An SGSC Operations Incident Response Manager is a defender of SAP’s digital enterprise. Our Incident Response Managers are responsible for managing the triaging of security alerts detected by Enterprise Detection and SIEM, analyzing all available data to determine if a cyber-attack is occurring, scoping the extent of a suspected attack, coordinating efforts to contain attacks, performing forensic investigations to determine the details around an attack, and providing guidance on remediation actions.

  • Performs incident response management duties as part of the Global SGSC Incident Response team.
  • Provide timely and relevant updates to SAP leadership and internal stakeholders.
  • Manages the process of determining the attack scope and root cause analyses by using forensic investigation methods.
  • Partners with internal teams to review monitoring requirements and create detection alerts.
  • Manages the development of automated workflows that will reduce detection and response times.
  • Ensures the review and closure of resolved and end-user confirmed cybersecurity incidents.
  • Reviews current Incident Response process workflows and recommends improvements.

What you bring

The Incident Manager’s responsibilities include overseeing the incident management process, handling various incident types, initiating an incident response procedure, and communicating and coordinating with stakeholders. Effective management of these responsibilities is critical in minimizing incidents’ impact on operations and maintaining business continuity.

  • Bachelor’s or master’s degree in Computer Science, Information Security, Information Systems, Engineering or related work experience.
  • Understanding of one or more technical areas like:
    • Network protocols (TCP/IP, TLS, HTTP, DNS, SMB, etc.)
    • File systems (exFAT, NTFS, ext4, APFS, etc.)
    • Memory forensics
    • Database and web application security
    • Cloud security
  • Strong technical knowledge of information technology systems and infrastructure
  • Understanding of risk management, mitigation, and incident response frameworks
  • Experience communicating with senior management and executives.
  • Knowledge of relevant laws and regulations related to incident response and data privacy.

