Job Summary
Company Name
About the Business & Position Overview
Job Profile
Key Responsibilities
- Develop and sustain incident response strategy covering the complete organization from policy, procedure, and playbooks perspective.
- Be a point of contact in case of an incident and managing incident from detection to closure, post -incident analysis and further communication to all relevant stakeholders to prevent any further damage.
- Planning and executing threat hunting will be the primary focus of this role along with in-depth investigation and support to incidents escalated from SOC.
- Leading the technical and incident responders into cybersecurity and taking responsibility for the timely identification of threats and minimising the same.
- Ensuring the completion of post-incident reviews, assessing the effectiveness of controls, detection, and response capability, and supporting the required improvement in people, process and technology.
- Experience in conducting cyber incident drills.
- Collaborated with internal and external stakeholders (as applicable) for incident response and investigation.
- Deep understanding of the technologies such as Next gen AV, EDR, Vulnerability Management, HIPS, NIDS, Web proxy, DNS, DHCP, AD, Databases, Full packet capture, host based & network-based forensics and encryption.
- Technical know-how on the organization-s network, application, Data, systems and infrastructure.
- Be the Subject Matter Expert (SME) on incident response processes, tools and approaches to the wider team and other stakeholders.
- Must be able to conduct a detailed analysis of various security related events like Phishing, Malware, DoS/ DDoS, Application specific attacks, Ransomware etc.
- Creation of reports, dashboards, metrics related to the security incidents and presentation to Senior Management.
- Experience working in large scale complex environment.
- Think about cyberattacks and propose remedial steps based on the attack pattern.
- Broad level of knowledge of security technologies.
- Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.
Job Description
The current rise in cybercrimes is multifold and more complex, it necessitates to have a robust cyber defense mechanism in place. The Cyber defense & investigation manager will cover the incident response planning to lessons learnt documentation and security investigations. The responsibilities of this role will be to develop incident response playbooks, respond to the security incidents effectively, initiate containment steps in collaboration with internal and external stakeholders (as applicable and appropriate), collect digital evidence related to the incident, detailed analysis, and training. Individuals must have exposure to the cyber incident response and security investigations process to be able to understand the attack and respond appropriately

Qualification Details
Essential Qualification: - Graduate in any discipline (Preferably in IT / Computer Science)- Relevant industry certification such as SANS GIAC / GCIA / GCIH / CISSP / OSCP, CEH, and or SIEM specific training and certification will be an added advantage.
Preferred Qualification: SIEM specific training and certification will be an added advantage.
Experience Details
Essential Experience: - Overall, 8 -10 years in Cybersecurity domains, relevant experience in incident response and investigations 5-6 Years.- Must have 2-3 years of SOC experience.- Knowledge of the SOC infrastructure and logging mechanisms of various technologies used in an organization.- Good knowledge and understanding of the SIEM technologies.- Very good understanding of the cycle of cyber threats, attacks, attack vectors and various methods of exploitations.
Preferred Experience: Candidate who is handling Cyber defense portfolio will be preferred.
Special Skill
Essential : - An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understandable and actionable manner.
- Excellent interpersonal skills, comfortable working at all levels within an organization and in a wide variety of situations.
- Strong security mindset and a fast leaner.
- Good communication and analytical skills
- Questions status quo and navigates through roadblocks.
- Security project management and planning.
- Defining problems, collecting, and analysing data, establishing facts and drawing valid conclusions.
- Using judgment and ingenuity in maintaining objectives and technical standards.
- Self-motivating and able to work under own initiative.
- Professional with a strong work ethics.
- Able to thrive in a highly pressurized and changing environment.
- Ability to work outside of working hours.
- Thinks out of the box.
- Identify and assists in maturing capability gaps.
- Diplomatic with the ability to interact successfully with all levels of the business.
- An ability to translate security requirements and standards into easily understood business concepts and vice versa.
- Good understanding of the offensive and defensive side of security.
Preferred : - Scripting skills for automation / evidence collection etc. in Windows, Linux environments.
- Strong knowledge in malware analysis would be a plus.