Religare Health Insurance - Lead - Security Incident Management

Care Insurance (formerly known as Religare Health Insurance) Information Security team is seeking a Leader for it's Security Incident and Response team. The role requires efficient incident response and remediation to minimise the impact of cyber risks. The individual will oversee Security monitoring, Security tools Operations, Security incidents, ensure incidents are managed effectively and reported to stakeholders. This team is responsible to complete tasks designed to ensure the confidentiality, integrity, and availability of the organization's systems and informational assets. Lead of this team will oversee the incident response team and forensics efforts for all the security related investigations, including collecting logs, documenting response steps, and collecting critical evidence. Assist in compliance auditing internal systems against baseline configuration requirements and adherence to internal Security Policy. The role requires to demonstrate command of knowledge in the security industry and to keep up to date knowledge of security threats, vulnerabilities, exploits, and trends in the security environment and their impact on the IT systems. Assist in coaching and providing oversight of Junior-level analysts. Also assist the management team with developing and maintaining information security policies and procedures and tracking compliance throughout the organization. Work is generally independent of management oversight and collaborative in nature with the rest of the team.

As a security leader, you will participate in the care insurance security strategy build out, road-map planning, project execution scheduling, building a team of security analysts/engineers and fostering a strong team culture.

Key Responsibilities:

- The individual should be an expert in incident response containment, eradication and remediation activities. The role requires strong technical skills and the ability to make quick decisions.

- Monitor and provide security analysis on a wide array of security infrastructure

- Monitor and provide security analysis on Web Application and related security Infrastructure.

- Conduct both network and host-based analysis leveraging security tools as part of log monitoring and incident management functions.

- Monitor, investigate, analyze, and remediate or escalate indications of compromised or breached systems and applications.

- Conduct daily security log review tasks

- Respond to customer inquiries in a timely manner, guiding and advising customers on security best practices in a friendly customer-facing manner.

- Research and investigate new and emerging threats and vulnerabilities and participate in security communities.

- Operational management of Security tools (IDS / IPS), Firewalls Anti-Malware and Anti-Virus systems, Endpoint DLP

- Lead team of SOC analysts, providing guidance and training on a continued basis

- Contribute towards the transformation of Cyber Security capability, ongoing maintenance and any security related projects, ensuring the implemented controls are effective.

- Detect, identify and respond to cyber events, threats, security risks and vulnerabilities in line with cyber security policies and procedures.

Required Qualifications:

- Advanced knowledge and understanding of Windows, Linux, Unix Operating System, Networking concepts

- Advanced knowledge of SIEM Tools (Splunk/Dnif/Arcsight/Logrhythm/ELK) and SIEM Administration.

- Ability to design and recommend custom correlation rules.

- Advanced knowledge of Web Attacks and remediation actions.

- Sound understanding of Intrusion Detection/Protection Systems (IDS/IPS), Data Loss Prevention, Firewalls including Next-Gen, centrally-managed Anti-Malware and Anti-Virus systems, and Security Information and Event Management (SIEM) systems.

- Ability to put separate pieces of information together during investigations

- Technical understanding of current cyber security threats and trends.

- Ability to follow standard operating procedures

- Self-motivated and detail-oriented.

- Excellent communication (oral and written), interpersonal, organizational, and presentation skills.

- Strong knowledge in malware analysis and also the ability to conduct detailed analysis of various security related events like Phishing events, Spoofing events, DoS-DDoS events, SQL Injections events, Ransomware etc.

- Knowledge of Networking, Cloud Security, Active Directory and Privileged Access Management best practices

Qualifications / Experience:

- Security and Technical Certifications preferred: MCSA, MCSE, RHCA, RHCE, PCNSE, CEH, CHFI, SIEM product Certifications.

- Bachelors degree in information technology or Information Security subject areas (preferred).

- 8+ years of Information Security Operations experience.

- Relevant experience to include computer security or information systems operations.

- Prior experience working as a Senior SOC analyst in 24x7 environment

- Knowledge of Threat Hunting and Purple teaming a plus.