Expoint – all jobs in one place

EY Cyber Defense - Triage Forensic Analyst 
India, Kerala, Thiruvananthapuram 
246876115

19.11.2025

The Senior Security Analyst in Cyber Defense CTF (Cyber Triage and Forensics) plays a

Essential Functions of the Job:
  • You will work collaboratively to detect and respond to information security incidents, develop, maintain, and follow procedures for security event alerting, and participate in security investigations.
  • Engage in proactive threat hunting and provide expert security assessments, utilizing EDR, SIEM, and other tools to understand and counteract the cybercrime landscape
  • Communicate with IT stakeholders during incident response activities, ensuring effective containment, remediation, and accurate identification of compromise indicators
  • Report on incident metrics, analyse findings, and develop reports to ensure comprehensive resolution and understanding of security events
  • Act as an escalation point for incident response, serve as shift lead, mentor junior team members, and contribute to team skill enhancement
  • Analyse security events, provide feedback on security controls, and drive process improvements to strengthen the organization's security posture
  • Maintain and improve security incident processes, protocols, and standard operating procedures to reflect best practices in security incident response
Skills and attributes for success
  • Proficient in cyber investigation, including evidence management in line with best practices and the use of advanced tools for threat detection and incident management, including advanced querying with KQL
  • Proficient in analyzing varied data sets, identifying malware, and conducting comprehensive security event analysis from network traffic attributes and host-based attributes to detect information security incidents and latent threats.
  • Proficient in conducting detailed forensic investigations across various operating systems, with a keen eye for obfuscation and the ability to clearly communicate findings
  • In-depth understanding of Active Directory security, with strong scripting abilities to automate response measures and improve operational effectiveness
To qualify for the role, you must have
  • Undergraduate or Postgraduate Degree in Computer Science, Engineering, or a related field (MCA/MTech/BTech/BCA/BSc CS or BSc IT)
  • At least 7 years of overall experience with a minimum of 5 years specialized in incident response, computer forensics, and Security Operations.
  • Proficiency in operating within a Security Monitoring/Security Operations Center (SOC) environment, including experience with CSIRT and CERT operations
  • Demonstrated experience in investigating security events, threats, and vulnerabilities
  • Strong understanding of electronic investigation and forensic methodologies, including log correlation, electronic data handling, investigative processes, and malware analysis
  • In-depth knowledge of Windows and Unix/Linux operating systems, and experience with EDR solutions for threat detection and response
Ideally, you’ll also
  • Hold certifications such as SSCP, CEH, GCIH, GCFA, GCIA, GSEC, GIAC, or Security+.
  • Experience with security incident response in cloud environments, including Azure.
  • Knowledge of legal considerations in electronic discovery and analysis
  • Proficiency in scripting or programming (e.g., Shell scripting, PowerShell, C, C#, Python)
  • Solid understanding of security best practices for network architecture and server configuration
What we look for
  • Demonstrates integrity in a professional environment
  • Strong ethical behavior
  • Ability to work independently
  • Possesses a global mindset for working with diverse cultures and backgrounds
  • Knowledgeable in industry-standard security incident response processes, procedures, and lifecycle
  • Positive attitude and Excellent teaming skills
  • Excellent social, communication, and writing skills
  • Good presentation skills
  • Excellent investigative, analytical, and problem-solving skills
Supervising Responsibilities:
  • Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues
  • Provide mentoring and training to other team members as required, supporting their development and ensuring consistent team performance
Other Requirements:
  • Should be willing to work in shifts

What we offer

  • Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
  • Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.