07/09 HR
Recruitment at MNR Solutions Private Limited


Lead - Cyber Forensics & Incident Response - IT (5-14 yrs)

Hyderabad Job Code: 740697

- Performs triage and deep dive forensic analysis of host-based artifacts

- Ability to quickly identify the source of a security breach and make immediate recommendations to move toward containment

- Identify and investigate intrusions to determine the cause and extent of the breach, leveraging threat intelligence sources

- Performs triage-level malware analysis (static and dynamic)

- Works with the network forensics team during an incident, providing findings from host-based analysis

- Analyzes large data sets from various log sources using automated methods, including scripting and/or SIEM (Splunk, ELK, AlienVault)

- Leverages threat intelligence (IOCs, updated rules, etc.) to identify affected systems and scope of the attack

- Examines firewall, web, database, and other log sources to identify evidence and artifacts of malicious activity and compromise

- Experience performing deep network packet analysis

- Strong documentation skills including the ability to write both high level and detailed reports

- Can act as a mentor for Tier 1 and 2 during the investigation and analysis of host-based artifacts

- Act as an escalation point for client's Incident Response team on critical security events

- Effectively communicates and interfaces with clients, both technically and strategically, from the executive level to client stakeholders and legal counsel

- Analyzes, interprets, searches, and manipulates data within SIEM platforms (AlienVault, Splunk, ELK)

- Parses large data sets from network artifacts, extracting metadata to provide context in support of the overall incident

- Works with Tier 1 and 2 analysts from the Network and Host Forensics teams during an incident, collaborating on findings iteratively

- Applies knowledge of common attack vectors (DDoS attacks, phishing, web attacks, and malware) to deep-dive forensic analysis investigations

Should Have:

- Experience with one or more of the following: EnCase, X-Ways Forensics, FTK, Magnet AXIOM Forensics, Volatility Memory Forensics, Mandiant Redline, SANS SIFT

- Experience and familiarity with EDR security tools for Threat Hunting

- Experience conducting forensic analysis in support of Business Email Compromises, Ransomware, and Intrusions

- Has conducted forensic analysis of Windows operating systems (client and server)

- Experience conducting forensic analysis of Mac OS or Linux, or familiarity with Mac OS and Linux system artifacts

- Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open source forensic tools

- Deep experience performing Windows/Linux/MacOS forensic analysis in the context of an incident

- Programming experience (preferably one or more of the following: C, C++, Java, Assembly, Python)

- Experience scripting in Bash, Python, or PowerShell

- Strong knowledge of TCP/IP, cryptographic protocols and algorithms, and operating system (macOS/Linux/Windows) internals and operations

Women-friendly workplace:

Maternity and Paternity Benefits
