
EY TC-CS-Cyber Detection Response-EDR-Senior 
India, Karnataka, Bengaluru 
703873914

01.12.2024

KEY Capabilities:

  • Excellent teamwork skills, passion and drive to succeed and combat cyber threats
  • Work collaboratively with other team members to find creative and practical solutions to customers' challenges and needs.
  • Expertise in design, implementation and operation of EDR solutions such as Carbon Black, Tanium, CrowdStrike, Cortex XDR, Microsoft Defender ATP, McAfee, Symantec and similar technologies (including migration)
  • Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  • Perform remote and on-site gap assessment, customization, installation, and integration of the EDR solution.
  • Knowledge of cyber threat intelligence
  • Experience in several of the following areas: cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all-source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.
  • Working knowledge of Cuckoo, CAPE, or other sandbox platforms
  • Experience with security orchestration, automation and response (SOAR) tools (Phantom, Resilient, XSOAR) and incident response platforms/DFIR toolsets
  • Experience with threat hunting using cyber threat intelligence, analyzing large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activity.
  • Expertise in EDR use case development, including developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems
  • Willingness to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
  • Experience in responding to RFPs and preparing project plans
  • Expertise in integrating EDR devices, including unsupported (in-house built) ones, by creating custom parsers
  • Good knowledge of threat modelling. Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework
  • Knowledge of network monitoring technology platforms such as Fidelis XPS or others.
  • Ability to lead a team / project through its various phases.
  • Deep understanding of market trends and the ability to adapt based on them.
  • The following experience/expertise will be an added advantage:
    • Deep understanding of various SIEM solutions such as Splunk, QRadar, LogRhythm, Securonix, Elastic.
    • Knowledge of scripting using Python
    • Experience advising on cloud security capabilities across various platforms, mainly Azure
    • Configure data ingestion types and connectors
    • Analytic design and configuration of the events and logs being ingested
    • Develop, automate, and orchestrate tasks (playbooks) with Logic Apps based on certain events

Qualification & experience:

  • Minimum of 6 to 12 years' experience with a depth of network architecture knowledge that will translate to deploying and integrating a complex security intelligence solution into global enterprise environments.
  • Strong oral, written and listening skills are an essential component of effective consulting.
  • Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
  • Must have knowledge of vulnerability management, basic Windows setup, Windows domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.
  • Good to have experience in handling big data integration via Splunk or another SIEM
  • Deep understanding of malware analysis and incident response
  • Good knowledge of programming or scripting languages such as Python, JavaScript, Bash, PowerShell, Ruby, Perl, etc.
  • Must have an honours degree in a technical field such as computer science, mathematics, engineering or a similar field
  • Minimum 4 years of working in a security operations center
  • Certification in any one EDR or SIEM solution is a must
  • Certifications in a core security-related discipline will be an added advantage.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.