Dhani - Senior Security Analyst - Cyber Defense & Security - Pune/Mumbai, India - DHANI

Description

The incumbent will be responsible for promptly identifying, mitigating, and resolving cyber defense incidents to ensure the security and integrity of our systems and data.

This role requires expertise in incident response coordination, threat analysis, forensics, technical root cause analysis, trend reporting, proactive CAPA [Correct Actions & Preventive Actions analysis etc.

• Collect intrusion artifacts such as malware, and trojans to facilitate mitigation of potential cyber defense incidents.
• Provide expert technical insights to cyber defense engineers across the enterprise to resolve incidents promptly.
• Coordinate incident response functions to ensure effective and timely resolution.
• Monitor external data sources to stay informed about cyber threats and their potential impact on the enterprise.
• Perform trend analysis and reporting to identify emerging cyber defense issues.
• Conduct forensically sound collection and inspection of assets for mitigation and remediation.
• Analyze alerts & data from organization's internal & public facing assets to determine possible causes and appropriate responses.
• Write and publish afteraction reviews and incident reports for organizational learning and improvement.

• 4+ years of experience in cyber defense or incident response roles.
• Consideration for privacy and security obligations.
• Demonstrated commitment to valuing diversity and contributing to an inclusive working and learning environment.
• Hand's on tools/platform experience: SIEM , IDS/IPS , EDR, Forensic Analysis Tools, Network Packet Analyzers, Vulnerability Scanners, Threat Intelligence Platforms, Incident Response Platforms, Malware Analysis Tools, DLP solutions.

• Business Continuity
• Computer Forensics
• Computer Network Defense
• Incident Management
• Information Systems/Network Security
• Infrastructure Design
• System Administration
• Threat Analysis
• Vulnerability Assessment

• Understanding of business continuity and disaster recovery plans.
• Skill in preserving evidence integrity according to established procedures.
• Knowledge of intrusion detection methodologies.
• Familiarity with cyber defense policies, procedures, and regulations.
• Expertise in network security architecture and protocols.
• Proficiency in malware protection techniques.
• Understanding of incident response methodologies and timelines.
• Ability to perform damage assessments accurately.
• Knowledge of cloud service models and their implications for incident response.
• Familiarity with system and application security threats and vulnerabilities.
• Artificial Intelligence [AI] Security would be an added plus.

• SIEM (Security Information and Event Management): SIEM tools to collect, analyze, and correlate security events from various sources across the network to identifypotential security incidents. Examples include Splunk, IBM QRadar, and Elastic SIEM.
• IDS/IPS (Intrusion Detection and Prevention Systems): IDS/IPS tools to monitor network traffic for suspicious activity and can automatically block or alert on potential threats. Examples include Snort, Suricata, and Cisco, Crowdstrike.
• Endpoint Detection and Response (EDR): EDR tools to provide realtime monitoring and response capabilities on endpoints such as desktops, laptops, and servers. Examples include CrowdStrike Falcon, Carbon Black, and Microsoft Defender for Endpoint.
• Forensic Analysis Tools: Tools to help incident responders collect, preserve, and analyze digital evidence from compromised systems. Examples include EnCase Forensic, Autopsy, and Volatility Framework.
• Network Packet Analyzers: Packet analyzers to allow incident responders to capture and analyze network traffic to identify suspicious or malicious activity. Examples include Wireshark, tcpdump, and NetworkMiner.
• Vulnerability Scanners: Vulnerability scanners to help identify weaknesses in systems and applications that could be exploited by attackers. Examples include Nessus, OpenVAS, and Qualys.
• Threat Intelligence Platforms: To aggregate and analyze threat intelligence data from various sources to provide context on potential threats and attacks. Examples include ThreatConnect, Crowdstrike, PaloAlto, Proofpoint , Microsoft Defender, VirusTotal, Alient Vault
• Incident Response Platforms: To help automate and streamline incident response processes, including alert triage, case management, and remediation workflows.
• Malware Analysis Tools: Malware analysis tools to assist in analyzing and understanding the behavior of malicious software. Examples include Cuckoo Sandbox, VirusTotal, IDA Pro, Crowdstrike.
• Data Loss Prevention (DLP)

Examples include Symantec DLP, McAfee DLP, and Digital Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

• Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), or similar certifications preferred.
• Minimum of 45+ years of experience in cyber defense or incident response roles.
• Strong analytical and problemsolving skills.
• Excellent communication and interpersonal abilities.
• Ability to work effectively in a fastpaced and dynamic environment.

• Malware Analysis
• Forensic Analysis
• Threat Intelligence
• DLP
• IDS/IPS
• Vulnerability Mgmt

• Crowdstrike | SIEM [Splunk/Any]
• Incident First Responders
• Root Cause Analysis Expert
• Experience with On-Prem & Cloud Vendors
• Threat Hunting [Must