Happiest Minds Technologies
Website: happiestminds.com
Job details:
Cyber Security Incident Management
As part of this service, the client will perform the following:
Incident Sources Covered
Monitor, integrate, and respond to incidents originating from the following sources:
- Akamai Web Application Firewall (WAF)
- Extended Detection and Response (XDR) Managed Services (e.g., CrowdStrike)
- Endpoint Detection and Response (EDR) solutions
- Bug Bounty and Vulnerability Disclosure Platforms (e.g., Bugcrowd)
- Security Operations Center (SOC) alerts (from SIEM/SOAR platforms)
- Threat Intelligence Feeds (e.g., Anomali, vendor advisories)
- Internal User and Business Reporting Channels
- Application Performance Monitoring (APM) alerts (e.g., New Relic)
General Service Requirements
- Demonstrate a thorough understanding of cybersecurity incident management and align with industry best practices.
- Ensure immediate and appropriate response to incidents according to predefined severity levels and Incident Management Processes.
- Investigate incidents thoroughly, document actions taken, and comply with reporting requirements.
- Retain all records and logs related to security incidents and investigations.
- Implement corrective and preventive measures based on the incident's root cause.
- Support incident detection and alerting from Retail-specific APM tools (e.g., New Relic), ensuring coordination between development, application, and security teams.
- Standardize incident handling processes through documented playbooks.
- Coordinate incident resolution actions across IT, application, and infrastructure teams, ensuring closure within agreed SLAs.
- Support internal investigations led by MAF (Majid Al Futtaim) teams as required.
- Review and recommend enhancements to SOC use cases for better detection capabilities.
- Support and manage related ticket types including LSM (Log Source Management), SCM (Security Configuration Management), and Threat Intelligence Tickets.
Detection & Intake
- Continuously monitor and collect security events from all listed sources.
- Validate and normalize alerts, eliminating false positives to focus on genuine incidents.
Initial Analysis & Triage
- Confirm the authenticity of reported incidents.
- Determine the nature, origin, and threat actor behaviour.
- Categorize incidents based on their potential impact and urgency.
Severity Classification
- Assign severity levels (e.g., P1, P2, P3) based on predefined business impact criteria, data sensitivity, and operational risk.
- Ensure P1 incidents are treated as high-priority events requiring immediate containment and escalation.
- Follow the agreed severity classification framework for consistency.
Incident Containment
- Execute immediate containment actions such as isolating compromised systems, blocking malicious traffic, or disabling compromised accounts.
- Recommend and coordinate appropriate mitigation steps with responsible technical teams.
Escalation & Coordination
- Initiate a "War Room" (bridge call) for all P1 incidents to ensure rapid response coordination.
- Engage relevant stakeholders, including BISO (Business Information Security Officer), system owners, and impacted business units.
- Maintain continuous real-time status updates and detailed documentation during the incident lifecycle.
Remediation Support
- Provide guidance on necessary remediation actions to relevant IT teams.
- Ensure full eradication of Indicators of Compromise (IoCs).
- Coordinate activities such as patching, system hardening, and control implementations where necessary.
Communication & Updates
- Deliver timely incident status updates to stakeholders.
- Document all incident actions, decisions, and timelines within the incident management and tracking platforms.
Post-Incident Analysis & RCA
- Conduct Root Cause Analysis (RCA) for all P1 incidents and select significant P2 incidents.
- Identify underlying security gaps and propose improvement recommendations.
- Produce a formal RCA report with detailed findings, lessons learned, and corrective action plans.
Skills: Incident Management, MITRE ATT&CK, Incident Response