Job Summary
Key Responsibilities:
- Lead investigation and response for critical and advanced security incidents including APTs, ransomware, insider threats, and zero-day attacks.
- Analyze and triage alerts from Microsoft Defender, CrowdStrike Falcon, and other security platforms.
- Act as the highest technical escalation point for SOC and Incident Response teams.
- Perform advanced threat hunting using SIEM, EDR and threat intelligence platforms.
- Analyze sophisticated phishing campaigns, BEC attacks, and credential compromise scenarios.
- Decode complex obfuscated scripts, PowerShell, JavaScript, and multi-stage malware payloads.
- Correlate logs across SIEM (Microsoft Sentinel, Falcon NextGen SIEM, RSA NetWitness), proxy logs (Symantec WSS), IPS logs (McAfee/Trellix) and multiple security controls.
- Lead response during zero-day, outbreak, and widespread compromise scenarios, coordinating with IT, engineering, and leadership teams.
- Define and validate Indicators of Compromise (IOCs), TTPs, and attack patterns aligned to MITRE ATT&CK.
- Review and approve closure of all high and critical severity incidents.
- Mentor and provide technical guidance to L1 and L2 analysts during investigations.
- Ensure compliance with internal policies, regulatory requirements, and industry best practices.
- Review and update cybersecurity SOPs related to Incident Handling and Response to ensure compliance and effectiveness.
Technical Skills Required:
- Expert-level knowledge of incident response lifecycle and frameworks (NIST, MITRE ATT&CK).
- SIEM expertise: hands-on experience with RSA NetWitness, Microsoft Sentinel, and Falcon NextGen SIEM.
- EDR tools: Microsoft Defender for Endpoint and CrowdStrike Falcon (EDR/XDR).
- Strong knowledge of phishing detection and analysis techniques.
- Ability to decode scripts and analyze obfuscated files.
- Deep understanding of proxy logs (Symantec WSS), IPS logs (McAfee/Trellix), firewall, DNS, and network telemetry.
- Ability to analyze multi-stage attacks and lateral movement techniques.
- Experience automating response actions using XSOAR platforms (Palo Alto).
- Hunt for Indicators of Compromise (IOCs) across consoles such as Proxy, FireEye EX/NX/HX, IPS, SEP, BitSight, CloudSek.
- Coordinate with stakeholders for containment actions (blocking domains/IPs, privilege restrictions, password resets).
- Knowledge of ticketing system/case handling management (ServiceNow, XSOAR).
- Ability to create executive-level and technical incident reports.
- Review and validate incident documentation for high/critical severity cases, ensuring investigation notes capture timeline, impact, scope, IOCs/TTPs, containment/eradication actions, and final RCA in line with IR standards.
- Own and publish weekly and post-incident reporting for leadership including incident trends, root causes, control gaps, SLA adherence, and actionable recommendations.
- Ensure adherence to SOPs and compliance requirements, and drive continuous improvements by updating IRPs and refining escalation/communication workflows.
Additional Requirements:
- Excellent analytical and problem-solving skills.
- Ability to lead incident response under pressure and during crisis situations.
- Ability to collaborate across SOC, IT, Engineering, and Leadership teams.
Work from office hybrid mode
Education Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
- Advanced degrees or relevant postgraduate certifications are a plus.
Key Responsibilities
2. To coordinate with outsourced vendors and ensure smooth delivery of work.
3. To lead and manage the IT team.
4. To participate in audits and work towards compliance with IPR.
5. To participate in RFPs/RFIs and new IT infrastructure creations.
6. To provide budget inputs to the function head and manage costs within the assigned area.
7. To review the operations and resolve or escalate user escalations to other domain vertical teams.