SOC Incident Response

  • Ahmedabad, India
  • Minimum experience 5 years - Maximum experience 10 years

Job Description

Team Lead – Incident Response – Security Operations Centre

Job Details

Job Title

Team Lead-SOC

Department

Cyber Security

Reporting to

Head Cybersecurity Operations

Location

Ahmedabad

Job Objective

Our Cyber Security Operations function works to continuously strengthen cyber security posture through research, threat simulations, threat hunting, and offensive security engagements.

The Incident Response Team Lead is responsible for leading incident response engagements and activating other teams in the event of critical incidents. This role requires hands-on technical expertise and the ability to communicate effectively. Candidates with extensive forensics, incident response and cyber security experience are encouraged to apply.

Roles and Responsibilities

Providing first-line response to customer alerts and ensuring internal security teams are alerted

Responsible for day-to-day operations: monitoring, identifying, triaging and investigating security events from Endpoint (EDR), Network and Cloud security tools, detecting anomalies, and reporting remediation actions

Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats

Responsible for triaging security incidents and conducting response actions to detect, contain and remediate identified security incidents

Analyze firewall logs, server, and application logs to investigate events and incidents for anomalous activity and produce reports of findings

Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents

Responsible for handling security incidents reported by third parties or external security researchers

Perform root cause analysis and create a post-mortem report for security incidents

Track security events and incidents in SOAR tool

Develop and document threat-driven response playbooks to support security incident handling

Provide knowledge sharing, mentoring, and support of team members

Maintain current knowledge and understanding of the threat landscape and emerging security threats

Assist in creating and maintaining Autodesk Security Response Centre's process and tools documentation

Provide support as on-call personnel during security incidents

Responsible for working in a 24/7 environment, including night shifts; shifts are decided based on business requirements.

Maintain a high level of confidentiality and Integrity.

Effectively investigate and identify root cause, then communicate findings to stakeholders including technical staff and leadership

Author Standard Operating Procedures (SOPs) and training documentation when needed

Generate end-of-shift reports for documentation and knowledge transfer to the analysts on the next shift.

Must be comfortable working as part of a 24/7 SOC service.

Job Requirements

Educational qualifications:

Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).

Advanced interpersonal skills to effectively promote ideas and collaboration at various levels of the organization

One or more security-related certifications are desired: SANS/GIAC (GCIH, GCFE, GCFA), AWS or Azure cloud security certifications, or equivalent

Experience:

4+ years of cyber security experience in incident response

Technical depth in one or more specialties including: Malware analysis, Host analysis and Digital forensics

Strong understanding of Security Operations and Incident Response process and practices

Experience with security monitoring, incident response, log analysis and forensic tools

Strong understanding of operating systems including Windows, Linux and macOS

Experience with SIEM, SOAR, EDR, Network, AWS, and Azure security tools

Experience with IR and Forensic investigations within Cloud environments such as AWS and Azure

Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)

Excellent critical thinking and analytical skills, organizational skills, and the ability to work as part of a team

Excellent verbal and written communication skills


Job Overview

  • Industry : Information Technology and Services
  • Country : India
  • Vacancy : 2
  • Job nature : Full Time
  • City : Ahmedabad
  • State : Gujarat