SOC L3 Engineer
Location: Bangalore
Candidates must have mandatory experience with at least one of Cylance Protect and Optics, CrowdStrike Falcon Insight, SentinelOne ActiveEDR, or Carbon Black EDR.
5 to 7 Years of Experience.
- Act as first responder for true-positive offenses handed over by the security monitoring team.
- Investigate by performing Windows forensics on the infected endpoint.
- Identify the initial infection vector.
- Perform threat intelligence and protection against threats including malware, phishing and hacking by consuming threat intelligence from a wide variety of sources, including but not limited to:
- MSSP subscriptions, the open-source community, the independent security researcher community, cyber threat-sharing forums, and bilateral and multilateral sharing with peer client organizations.
- Liaise with the owner of the asset in question as part of the incident (via phone call, SEPM alert mechanism, or email).
- Inform the asset owner's reporting manager about the situation.
- Inform the asset owner once the IR investigation is complete.
- Collate IR evidence and artefacts in the ticketing system.
- Prepare a detailed IR report.
- Hand over completed cases to the security monitoring team for closure.
- Identify and track lessons learnt from IR to eliminate any residual risks or threats that may remain in the client environment.
THREAT HUNTING AND FORENSICS:
- Log mining and threat identification; malware analysis and reverse engineering.
- Document the vulnerabilities and exploits used, as identified while analysing a malware sample.
- Analyse, evaluate, and document malicious code behaviour.
- Identify commonalities and differences between malware samples for the purpose of grouping or classification for attribution.
- Research vulnerabilities, exploits and zero-day malware, and provide early alerts to the Endpoint Security / IT Security team along with a mitigation strategy.
- Research and write actionable reports.
- Ensure the accuracy and integrity of information throughout reporting.
- Impart training to internal team members on Reverse Engineering.
- Participate in directed research and development tasks.
- Complete other tasks as directed by the respective Lead / Manager.
- Develop tools to identify 0-day malware based on various characteristics of a file format.
- Assist the lead / manager in developing and setting up frameworks for an incident response toolkit.
- Provide Cyber Security Operations Centre (CSOC) support on an 8x6 basis.
- Mandatory experience with any of: a) Cylance Protect and Optics, b) CrowdStrike Falcon Insight, c) SentinelOne ActiveEDR, d) Carbon Black EDR.
- Conduct detailed analytical queries and investigations, identify areas that require specific attention, identify indicators of compromise (IoC) or indicators of attack (IoA) that need further investigation, and develop use cases and rules.
- Hands-on experience with the security incident response lifecycle and its phases.
- Hands-on experience in static and dynamic malware analysis
- Hands-on experience in event and log analysis on Windows endpoints
Paid Medical, Vision and Dental insurance.
401k with up to 5% company matching
Personal Training and Development Budget
Citibike and Zipcar memberships
Paid parental leave
Flexible work hours