
EY TC-CS-Cyber Detection Response-IR-DFIR-Senior 
India, Karnataka, Bengaluru 
490069114

11.08.2024

Key Capabilities:

  • Demonstrated skills in cybersecurity investigations, including computer forensics, network forensics, malware analysis and memory analysis
  • Security monitoring experience with one or more SIEM technologies – Splunk, IBM QRadar, Securonix, etc.
  • Excellent teamwork skills, and the passion and drive to succeed in combating cyber threats
  • Should have worked in a security operations centre and gained an understanding of SIEM and other log management platforms. Experience in Splunk content development will be an added advantage
  • Should have good hands-on experience with advanced, integrated SOC technologies such as SIEM, SOAR, EPP, EDR, firewalls, IDS/IPS, web proxies and enterprise forensics tools
  • Should have knowledge of IDAM, AD/domain controllers and security event logs
  • Good hands-on experience in a scripting language (such as Python, PowerShell or Perl) to automate the analysis of logs and forensic artifacts
  • Experience with enterprise cloud platforms such as Amazon Web Services, G Suite, Office 365 and Azure
  • Knowledge of the methods used for evidence collection, maintenance of chain of custody, evidence storage and analysis, and evidentiary reporting
  • Good knowledge of threat modelling
  • Knowledge of network monitoring platforms such as Fidelis XPS or equivalents
  • Knowledge of endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or equivalents


Key Responsibilities:

  • Lead and contribute to the continuous improvement of the service (detection coverage, processes, operational procedures, service efficiency and service reporting)
  • Investigate detected behaviours in depth when an incident is escalated by a tier 1 analyst
  • Identify and investigate intrusions to determine the cause and extent of a breach, using EDR, network security solutions, threat intelligence sources and forensic tools
  • Act as the escalation point for tier 1 security analysts during information security investigations, providing guidance and oversight on incident resolution and containment techniques
  • Mentor security analysts on risk management, information security controls, incident analysis, incident response, SIEM monitoring and other operational tasks in support of the technologies managed by the Security Operations Centre
  • Perform host and network forensics, log analysis and, where required, malware analysis in support of incident response investigations
  • Perform threat hunting across clients' networks for evidence of compromise
  • Perform incident response across cloud platforms
  • Develop indicators of compromise by identifying attacker tools, tactics and procedures
  • Develop and implement remediation plans as part of incident response
  • Provide expert opinions based on findings and analysis
  • Produce investigation and status reports and presentations for both technical and executive audiences


Qualification & experience:

  • Bachelor's or Master's degree with 5 to 8 years of experience in cyber security, including 3 to 5 years of security operations centre experience conducting security investigations, incident response or forensics
  • Demonstrated skills in investigations, including computer forensics, network forensics, malware analysis and memory analysis
  • Ability to analyse data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents
  • Strong written communication and presentation skills
  • Strong IT knowledge, including multiple operating systems and system administration skills (Windows, Solaris, Unix)
  • Good knowledge of programming or scripting languages such as PowerShell, Bash and Python
  • In-depth understanding of threat-based IS/IT security, current security technologies and concepts, threat management, and incident and vulnerability handling
  • Experience with and a keen understanding of cybersecurity tools, including SIEM, IDS/IPS, antivirus and endpoint detection and response (EDR) solutions
  • Effective communication skills and the ability to present information to a wide variety of internal stakeholders, including senior leadership
  • Professional experience working with sensitive or confidential information in a work environment
  • Relevant technical and industry certifications are a plus (e.g. CISSP, GCIH, OSCP, CEH)
  • Certification in a SIEM solution such as IBM QRadar, Exabeam, Securonix or Splunk will be an added advantage



EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.