SOC L3 Engineer
Location: Bangalore
Candidates with mandatory experience on any of Cylance Protect and Optics, CrowdStrike Falcon Insight, SentinelOne ActiveEDR, Carbon Black EDR.
Experience: 5 to 7 years
- Be the first responder for true-positive offenses handed over by the security monitoring team.
- Investigate by performing Windows forensics on the infected endpoint.
- Identify the initial infection vector.
- Perform threat intelligence and protection against threats including malware, phishing, hacking, etc. by consuming threat intelligence from a wide variety of sources, including but not limited to:
  - MSSP subscriptions, the open-source community, the independent security researcher community, cyber threat-sharing forums, and bilateral and multilateral sharing with peer client organizations.
- Liaise with the owner of the asset in question as part of the incident (via phone call, SEPM alert mechanism, or email).
- Inform the asset owner's reporting manager about the situation.
- Inform the asset owner on completion of the IR investigation.
- Collate the IR evidence and artifacts into the ticketing system.
- Prepare a detailed IR report.
- Hand over completed cases to the security monitoring team for closure.
- Identify and track lessons learned from IR to eliminate any residual risks or threats that may remain in the client environment.
THREAT HUNTING AND FORENSICS:
- Log mining and threat identification, malware analysis, and reverse engineering.
- Document vulnerabilities and exploits used while analyzing malware.
- Analyze, evaluate, and document malicious code behavior.
- Identify commonalities and differences between malware samples for purposes of grouping or classifying for attribution purposes.
- Research vulnerabilities, exploits, and zero-day malware, and provide early alerts to the Endpoint Security / IT Security team along with a mitigation strategy.
- Research and write actionable reports.
- Ensure the accuracy and integrity of information throughout reporting.
- Impart training to internal team members on Reverse Engineering.
- Participate in directed research and development tasks.
- Complete other tasks as directed by the respective Lead / Manager.
- Develop tools to identify zero-day malware based on various characteristics of a file format.
- Assist the Lead / Manager in developing and setting up frameworks for building an incident response toolkit.
- Provide Cyber Security Operations Centre (CSOC) support on an 8×6 basis.
- Mandatory experience on any of: a) Cylance Protect and Optics, b) CrowdStrike Falcon Insight, c) SentinelOne ActiveEDR, d) Carbon Black EDR.
- Conduct detailed analytical queries and investigations, identify areas that require specific attention, identify indicators of compromise (IoC) or indicators of attack (IoA) that need further investigation, and develop use cases and rules.
- Hands-on experience in the security incident response lifecycle and its phases.
- Hands-on experience in static and dynamic malware analysis.
- Hands-on experience in event and log analysis on Windows endpoints.