- Location: Ahmedabad, Gujarat, India
- Job type: Full-time
Required skills
- SIEM
- cross-functional
- incident response
- Linux
- malware analysis
- Splunk
- TCP
About the role
Adani Enterprises Limited
Website: adanienterprises.com
Job details:
Responsibilities
- Responsible for handling day-to-day operations to monitor, identify, triage and investigate security events from various Endpoint (EDR), Network and Cloud security tools, detect anomalies, and report remediation actions.
- Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
- Effectively investigate and identify root causes, then communicate findings to stakeholders including technical staff and leadership.
- Work with key stakeholders to implement remediation plans in response to incidents.
- Author Standard Operating Procedures (SOPs) and training documentation when needed.
- Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
- Responsible for working in a 24/7 environment, including night shifts; shifts are decided based on business requirements.
- Conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response.
- Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Sentinel) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data.
- Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response.
- Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
Qualifications
Educational qualifications:
- Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).
- Advanced certifications desirable: GCIH, GCIA, GCFE, GREM, GCFA, GSEC
Experience
- Minimum 4-8 years in an Incident Responder/Handler role
- Strong experience in SIEM (Security Incident and Event Monitoring) processes and products (e.g., ArcSight, Microsoft Sentinel, etc.)
- Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2. The ability to take lead on incident research when appropriate and be able to mentor junior analysts.
- Advanced knowledge of TCP/IP protocols
- Knowledge of Windows, Linux operating systems
- Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or Sentinel experience
- Knowledge of threat hunting
- Deep packet and log analysis
- Some Forensic and Malware Analysis
- Cyber Threat and Intelligence gathering and analysis.
- Bachelor’s degree or equivalent experience