07/09 HR
Recruitment at MNR Solutions Private Limited


Lead - Cyber Forensics & Incident Response - IT (5-14 yrs)

Hyderabad Job Code: 740697

- Performs triage and deep-dive forensic analysis of host-based artifacts

- Ability to quickly identify the source of a security breach and make immediate recommendations to move toward containment

- Identify and investigate intrusions to determine the cause and extent of the breach, leveraging threat intelligence sources

- Performs triage-level malware analysis (static and dynamic)

- Works with the network forensics team during an incident, providing findings from host-based analysis

- Analyzes large data sets from various log sources using automated methods including scripting and/or SIEM (Splunk, ELK, AlienVault)

- Leverages threat intelligence (IOCs, updated rules, etc.) to identify affected systems and scope of the attack

- Examine firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity

- Experience performing deep network packet analysis

- Strong documentation skills including the ability to write both high level and detailed reports

- Can act as a mentor for Tier 1 and 2 during the investigation and analysis of host-based artifacts

- Act as an escalation point for client's Incident Response team on critical security events

- Effectively communicates and interfaces with clients, both technically and strategically, from the executive level to client stakeholders and legal counsel

- Analyzes, interprets, searches, and manipulates data within AlienVault, Splunk, and ELK (SIEM)

- Parses large data sets from network artifacts, extracting metadata to provide context in support of the overall incident

- Works with Tier 1 and 2 analysts from the network and host forensics teams during an incident, collaborating on findings in an iterative manner

- Applies knowledge of common attack vectors (DDoS attacks, phishing, web attacks, and malware) to deep-dive forensic investigations

Should Have: 

- Experience with one or more of the following: EnCase, X-Ways Forensics, FTK, Magnet Axiom Forensics, Volatility Memory Forensics, Mandiant Redline, SANS SIFT

- Experience and familiarity with EDR security tools for Threat Hunting

- Experience conducting forensic analysis in support of Business Email Compromises, Ransomware, and Intrusions

- Has conducted forensic analysis of Windows Operating systems (client and server)

- Experience conducting forensic analysis of Mac OS or Linux, or is familiar with Mac OS and Linux system artifacts

- Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open source forensic tools

- Deep experience performing Windows/Linux/MacOS forensic analysis in the context of an incident

- Programming experience (prefer one or more of the following: C, C++, Java, Assembly, Python)

- Experience scripting in Bash, Python, or PowerShell

- Strong knowledge of TCP/IP, cryptographic protocols and algorithms, and operating system (macOS/Linux/Windows) internals and operations

This job opening was posted a long time ago. It may no longer be active, though it has not been removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
