Incident Response Consultant

2 days ago


Bengaluru, India Mpowerplus Full time

Description:
The IR Lead is responsible for designing and implementing strategies to contain and eradicate threats.
- Respond to intrusion attempts, identifying the full scope of impact and the attack vector
- Lead response and investigation efforts into advanced/targeted attacks
- Experience with investigative technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools
- Work with various internal teams to identify gaps in, and expand coverage of, endpoint, logging and network tooling to improve monitoring and response capabilities
- Assist in the design, evaluation and implementation of new security technologies

What you do:
- Create weekly and monthly (WSR, MSR & QBR) dashboards to represent data based on business requirements
- Investigate and remediate threats and alerts escalated from L2 for additional context / risk assessments
- Maintain an incident tracker with updated data on incidents
- Develop remediation plans, RCAs and lessons learnt; identify trends in repeat security incidents and the recovery strategy
- Good understanding of security SLAs
- First-touch for alerts involving VIP detection
- Recommend and implement tuning and enhancements to defined alerting rules and SOPs
- The security specialist is responsible for conducting information security investigations arising from security incidents identified by the tier 2 security analysts who monitor the security consoles from various SOC entry channels (SIEM, SNOW tickets, email and MDE)
- Perform day-to-day activities of the Content Team, including supporting, developing and executing testing of new content rules, and fine-tuning and documenting additions, deletions and modifications of content rules
- Update all content-related information in security platforms (SIEM, deep packet inspection, endpoint security tools)
- Maintain direct and regular interaction with organizational stakeholders to enhance content across the platforms and mature the security program, based on risk posture, threat landscape and changing business requirements
- Work with cross-organization teams to evaluate the quality of provided data sources and recommend improvements to sensing capabilities and coverage
- Work with the other security functions to identify and apply cyber threat intelligence from internal and external sources to the existing content library
- Ability to work with various teams and lead them during any security incident: find the root cause with good analytical capability, take the necessary actions to reduce incidents, set action plans to stop future attacks, and report the overall situation to management
- Initiate process improvement programs to enhance the efficiency of the SOC
- Maintain a database/tracker of past incident trends to provide analysis and intel for managing future critical incidents
- Join critical and major incident calls and provide input from past incidents to support L1/L2 resources in resolving incidents quickly
- Post-incident, the IR Lead will make efforts to fix vulnerabilities, improve incident response strategies, and implement preventative security measures
- Collect intrusion artifacts such as source code, malware, and trojans, and use the discovered data to enable mitigation of potential cyber defence incidents
- Perform digital forensics, which involves investigating and reconstructing cybersecurity incidents by collecting, analyzing, and preserving digital evidence

What we are looking for:
- Experience identifying, investigating, and responding to complex attacks in the cloud or on premises
- 7+ years of experience in SOC operations
- Strong understanding of the threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware
- Strong hands-on experience with Sentinel ES, including development of content, ingestion of feeds, and other platform administration functions
- Very good understanding of security tools/logs such as FW, IPS/IDS, sensors, EDR/NDR/XDR, proxy, DNS, DDoS, SIEM (Sentinel), the MITRE ATT&CK Framework (must have), SecOps, ServiceNow; good understanding of the OWASP top vulnerabilities; ITSM tools; Sentinel ES
- Strong understanding of SOAR, playbook creation, enhancement & automation
- Experienced in Sentinel integration with monitoring tools like AWS CloudWatch, CloudTrail, AppDynamics, SCOM, SolarWinds
- Strong understanding of how complex, multi-stage malware functions
- Good understanding of Windows & Linux operating systems
- Manages Sentinel knowledge objects (apps, dashboards, saved searches, scheduled searches, alerts)
- Develop custom Sentinel apps to meet customer needs in a variety of domains: IT infrastructure, financial, IT ops, application management, human resources, physical security, etc.
- PowerShell and batch scripts; ability to develop scripts in these languages to support Sentinel integration with ticketing tools, SOAR, threat intelligence platforms etc.
- Knowledge of statistical modelling for anomaly, ML and outlier detection
- Security certifications like CEH, OSCP, CISSP, SANS GCIA, CISM or other SANS defence-related certifications (GSOC/GCDA)
- Strong understanding of the underlying Sentinel infrastructure and components (lookups, modular inputs, standard inputs, relationships between varying configuration files, etc.)

(ref: hirist.tech)


  • Incident Response

    1 day ago


    Bengaluru, Karnataka, India Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Role & responsibilities: 5+ years in Detect, Analyze, Investigate, and report qualified security incidents to the Client as per the defined SLA. Provide recommendations to the security incidents reported as per SLA. Investigates incidents using various security event sources (FW, IDS, PROXY, AD, EDR, DLP etc.). Investigations into non-standard incidents and...

  • Incident Response

    7 days ago


    Bengaluru, Delhi, Gurugram, NCR, India Deloitte Consulting Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Role & responsibilities: Detect, Analyze, Investigate, and report qualified security incidents to the Client as per the defined SLA. Provide recommendations to the security incidents reported as per SLA. Investigates incidents using various security event sources (FW, IDS, PROXY, AD, EDR, DLP etc.). Investigations into non-standard incidents and execution of...


  • Bengaluru, India Autodesk Full time

    Position Overview The Incident Response Analyst is responsible for monitoring, identifying, assessing, containing, and responding to various information security events in a large and complex environment, as well as analyse, triage, and report on these incidents and investigations. The candidate must have knowledge of system security design, network/cloud...


  • Bengaluru, Chennai, Hyderabad, India Techominds Full time ₹ 20,00,000 - ₹ 25,00,000 per year

    Key Responsibilities: Technical Responsibilities: Lead and mentor a team of offshore ServiceNow developers and testers. Ensure adherence to best practices in coding, testing, and deployment. Conduct code reviews and provide technical guidance. Collaborate with onshore architects and functional consultants to translate business requirements and technical design...


  • Bengaluru, Karnataka, India Rockwell Automation Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale,...


  • Bengaluru, Karnataka, India DigiCert, Inc. Full time

    At DigiCert Bangalore. ABOUT DIGICERT: We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded...


  • Bengaluru, India UnitedLex Full time

    Position title: Manager Job Location: Bangalore Shift timing: 8:30AM – 5:30PM Role and responsibilities - Responsible for overall performance and management of the team assigned - Responsible for 2-3 projects, concurrently - People management that includes responsibility of performance evaluation, training, discipline, career pathing of all team members -...

