Archives: Jobs

Team Lead – Threat and Vulnerability Researcher – Security Operations Centre

Job Details

Job Title

Team Lead-SOC

Department

Cyber Security

Reporting to

Head Cybersecurity Operations

Location

Ahmedabad

Job Objective

Our Cyber Security Operation function works to continuously strengthen cyber security posture through research, threat simulations, threat hunting, and offensive security engagements.

In this role, you will be responsible to proactivelyresearch,investigateand mitigate the latestthreats,andwork witha diverse team ofincident response analysts, threat hunters,engineers,and internal & external partners tosolve problems. We’re looking for Security Researchers who can apply their in-depth knowledge of security to identify intrusions and track the actors behind them through large-scale data analysis. You will join the group that is responsible for advanced threat detection capabilities. We are seeking individuals who are passionate about security.

 

Roles and Responsibilities

Track insights from security researchers and real incidents to develop durable attack detection capabilities across the kill-chain.

Author innovative logic and rules to detect attacksleveraging telemetry and intel available in our products.

Uncover attacker campaigns to disrupt them and protect our customers.

Trackadversary activities to develop and enhance detections in our products.

Conduct research that yields new insights, hypothesis, algorithms, and prototypes that advance state-of-the-art of threat protection.

Improve the quality, effectiveness and accuracy of various detections running in our products.

Analyze activity to identify weaknesses that were exploited and perform root cause analysis

Proactively hunting threats, blue teaming, performing exploit and vulnerability research, all in order to find and close holes exploited by bad actors.

Locating trends in abuse vectors, communicating with leadership to apprise of extent, and advocating for appropriate product changes to prevent future occurrences.

Work with cross-functional teams to resolve computer security incidents

Continuously review security bulletins and related news; stay apprised of current threats and trends.

Should be comfortable to be part of 24*7 SOC services.

 

 

 

 

 

 

Job Requirements

Educational qualifications:

Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).

Advanced certification desirable GCIH, GCFA, GCDA, GCIA, GDAT, OSCP, CySA+, SEC+

 

Experience:

Must have good written communication skill

Minimum 2+ years’ experience in Threat Researcher roleand experience working on threat intel platform & Advisory role

Overall 4+ years of hands-on experience in a Security Information and Event Management (SIEM) tool, such as Sentinel, EDR, Threat Intel platform

Experience in endpoint security, malware sandbox, antivirus engines.

Experience in Incident Analysis and Response using industry standard frameworks such as MITRE ATT&CK and the Cyber Kill Chain

Must be able to validate findings, perform root cause analysis, and deliver recommendations for fixes.

Must have strong fundamentals in security concepts, cryptography, Unix architecture, and networking.

Strong scripting and automation skills are must (Python preferable)

Must have excellent reporting and analytical skills.

In-depth knowledge of Operating Systems such as Windows, macOS, iOS or Android and the security protections that these platforms offer, would be an added advantage.

Preferred Industry Certifications: GCIH, GCFA, GCDA, GCIA, GDAT, OSCP, CySA+, SEC+

 

Team Lead – Threat Hunting – Security Operations Centre

Job Details

Job Title

Team Lead-SOC

Department

Cyber Security

Reporting to

Head Cybersecurity Operations

Location

Ahmedabad

Job Objective

Our Cyber Security Operation function works to continuously strengthen cyber security posture through research, threat simulations, threat hunting, and offensive security engagements.

The position of Threat Hunter is responsible for analyzing and correlating large data sets to uncover novel threats and attack techniques that may be present within the organization’s Environment A Threat Hunter also will be tasked with and collaborating with other team and will be part of cyber defense center team to identify opportunities to develop analytical methods to detect advanced threat actors who utilize emerging tactics and techniques. In support of these processes, the role will also include developing and documenting new and innovative threat hunt hypotheses to increase the team’s ability to find existing threats that are otherwise going unidentified or unnoticed.

 

Roles and Responsibilities

Responsible for analyzing and correlating large data sets to uncover novel threats and attack techniques that may be present within the organization’s Environment

He / She will be part of cyber defense center team to identify opportunities to develop analytical methods to detect advanced threat actors who utilize emerging tactics and techniques.

In support of these processes, the role will also include developing and documenting new and innovative threat hunt hypotheses to increase the team’s ability to find existing threats that are otherwise going unidentified or unnoticed.

The role will be working part of Security Operation Center operational and technical teams to gain insight into critical security controls and architectural specifics to develop valuable hunt strategies and analytics that identify malicious behavior accurately while maintaining a low false positive rate.

This role advises on and reviews product assessments, policy adjustments, and architectural transformations that impact the Cyber Security at Group level, and will be a thought leader in the design of cutting-edge detective, preventative, and proactive controls

Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response

Lead Threat Hunting activities and mentor junior staff

Work with key stakeholders to implement remediation plans in response to incidents

Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership

Author Standard Operating Procedures (SOPs) and training documentation when needed

Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty

Should be comfortable to be part of 24*7 SOC services.

 

 

 

 

 

 

Job Requirements

Educational qualifications:

Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).

Advanced certification desirable GCIH, GCIA, GCFE, GREM, GCFA, GSEC

 

Experience:

Minimum 3+ years in a Threat Hunting role

Experience in a technical role in the areas of Security Operation, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence.

Strong experience in SIEM (Security Incident and Event Monitoring) processes and Products (e.g., Microsoft Sentinel, EDR)

Experience analysing system, network, and application logging for attack techniques at all stages of the cyber kill chain/MITRE framework.

Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways

Ability to navigate and work effectively across a complex, geographically dispersed organization.

Deep packet and log analysis

Windows forensic and Malware Analysis

Cyber Threat and Intelligence gathering and analysis

Bachelor’s degree or equivalent experience

Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred

Process improvement, project management, ISO, six sigma certifications are preferred

 

 

Team Lead – SIEM Admin – Security Operations Centre

Job Details

Job Title

Team Lead-SOC

Department

Cyber Security

Reporting to

Head Cybersecurity Operations

Location

Ahmedabad

Job Objective

Our Cyber Security Operation function works to continuously strengthen cyber security posture through research, threat simulations, threat hunting, and offensive security engagements. This position will be responsible for analyzing, designing, and developing commercially viable end-to-end technical solutions based on business needs. In support of these, the role will include developing advanced correlation rules, reports, and dashboards to detect emerging threats in SIEM & Cloud platforms.You will help design solutions for security problems, partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.

 

Roles and Responsibilities

Sentinel SIEM administration and operation management

Custom/unsupported devices integration with Sentinel SIEM and use cases creation

Content creation on SIEM to cover all stage of MITRE

Design, develop, monitor, adhere to various SLAs/KPIs/KRIs applicable to Security Operations Centre.

Creation of customized reports and dashboards for presentation to various stakeholders.

Identify and address technical or operational risks.

SIEM and other security platform performance and capacity management

Develop and maintain technology architecture cost and return on investment (ROI) models to assess architecture change.

Should be able to perform analysis of logs from various devices and develop use cases considering evolving threat landscape for anomaly detection.

Lead any module within Security Operations Center like Threat Hunting, Threat Intelligence, Content Management etc. to improve overall detection & response capabilities.

Well versed with logging standard development and device onboarding/log source integration of diversified devices including the ones not supported by SIEM OEM.

Should have clear understanding of MITRE framework and how to operationalize the same across multiple functions of SOC.

Handle 24*7 operations and support various SOC activities

Good Communication Skill and stakeholder management is imperative.

 

 

 

 

 

 

Job Requirements

Educational qualifications:

Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).

Advanced certification desirable AZ-900, CISP, CCSP, AWS Certified Solution Architect – Associate, Google Cloud Professional Security Engineer, Microsoft Certified: Azure Security Engineer Associate.

 

Experience:

Strong experience in Microsoft Sentinel architecture, administration.

Proven experience in assessing, designing, deploying, and operating SIEM platforms.

Expertise in SIEM use cases creation

Experience in defining best practices for optimized application and platform performance.

Demonstrated expertise in modifying configurations that improve SIEM performance.

Proficient in Kusto query language (KQL) and experienced in developing use cases.

Strong technical knowledge of Linux, Firewalls and Load Balancing principles.

Deep IT industry knowledge in specific areas related to Security like VM, AVM etc, Managed Security Services etc.

Can validate/evaluate if an information systems or operational architecture meets technical requirements and specifications.

Familiar with multiple architectural, development and operational methodologies.

 

Team Lead – Incident Response – Security Operations Centre

Job Details

Job Title

Team Lead-SOC

Department

Cyber Security

Reporting to

Head Cybersecurity Operations

Location

Ahmedabad

Job Objective

Our Cyber Security Operation function works to continuously strengthen  cyber security posture through research, threat simulations, threat hunting, and offensive security engagements.

The position of Incident Response is responsible for leading incident response engagements and activating other teams in case of critical incidents. This role requires hands-on technical expertise and ability to communicate effectively. In support of these, candidates with extensive forensics, incident response and cyber security experience are encouraged to apply.

 

Roles and Responsibilities

Providing first line response to customer alerts and ensuring internal security teams are alerted

Responsible for handling day-to day operations to monitor, identity, triage and investigate security events from various Endpoint (EDR), Network and Cloud security tools and detect anomalies, and report remediation actions

Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats

Responsible for triaging security incidents and conducting response actions to detect, contain and remediate identified security incidents

Analyze firewall logs, server, and application logs to investigate events and incidents for anomalous activity and produce reports of findings

Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents

Responsible for handling security incidents reported by third parties or external security researchers

Determine root cause analysis and create post-mortem report for security incidents

Track security events and incidents in SOAR tool

Develop and document threat driven response playbooks to support security incidents

Provide knowledge sharing, mentoring, and support of team members

Maintain current knowledge and understanding of the threat landscape and emerging security threats

Assist in the creation and maintain Autodesk Security Response Centre's process and tools documentation

Provide support as on-call personal during security incident

Responsible for working in a 24/7 environment including night shifts and the shifts are decided based on the business requirement.

Maintain a high level of confidentiality and Integrity.

Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership

Author Standard Operating Procedures (SOPs) and training documentation when needed

Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.

Should be comfortable to be part of 24*7 SOC services.

 

 

 

 

 

 

Job Requirements

Educational qualifications:

Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).

Advanced interpersonal skills to effectively promote ideas and collaboration at various levels of the organization

One or more security-related certifications from any of the following organizations: SANS – [GCIH, GCFE, GCFA], AWS, Azure Cloud security Certifications or equivalent are desired

 

Experience:

4+ years of cyber security experience in incident response

Technical depth in one or more specialties including: Malware analysis, Host analysis and Digital forensics

Strong understanding of Security Operations and Incident Response process and practices

Experience performing security monitoring, response capabilities, log analysis and forensic tools

Strong understanding of operating systems including Windows, Linux and OSX

Experience with SIEM, SOAR, EDR, Network, AWS, and Azure security tools

Experience with IR and Forensic investigations within Cloud environments such as AWS and Azure

Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)

Excellent critical thinking and analytical skills, organizational skills, and the ability to work as part of a team

Excellent verbal and written communication skills

Should be comfortable to be part of 24*7 SOC services.