
Incident Response
ICICI Bank
Job Description
Job Summary
This is a technical position responsible for reviewing and investigating security incidents, tracking their closure, and preparing reports. The ideal candidate will have hands-on experience with Windows and Linux, and an understanding of the cyber kill chain, APT threat vectors, and cloud logs.
Key Responsibilities
• Review and investigate security incidents using tools such as SentinelOne EDR, Zscaler Proxy, Bluecoat Proxy, F5 WAF console, CSPM, and ASM.
• Track the closure of all incidents with stakeholders and complete reviews based on severity with input from other teams.
• Prepare reports and dashboards for comprehensive incident views.
• Monitor and review alerts on CSPM.
• Analyze memory dumps from endpoints and provide insights.
• Publish daily/periodical incident report trackers to seniors.
• Conduct end-to-end investigations and provide root cause analysis in reporting format.
• Perform email header analysis.
• Generate alerts across various devices.
• Verify log retention on systems, servers, networks, storage, applications, and security devices according to ISSP policy and regulatory requirements.
Required Skills & Experience
• Hands-on experience with Windows and Linux.
• Understanding of the cyber kill chain.
• Knowledge of APT threat vectors.
• Familiarity with application log reviews.
• Operating system expertise: Windows, Linux.
• AWS and Azure cloud log understanding.
Industries: Banking, Computer Software, Financial Services
Job Skills
- cyber
- Communications
- AWS
Job Overview
Offered Salary: Not disclosed
