This job offer is not available in your country.
Incident Response Consultant - SIEM
MpowerplusBangalore3 days ago
Job descriptionCreate Weekly and monthly (WSR, MSR & QBR) dashboard to represent data based on business requirement. Investigate and remediate threats and alerts escalated from L2 for additional context / risk assessments Maintain incident tracker with updated data of incidents. Develop remediation plans, RCA, Lesson learnt and identify repeat security incidents trending and recovery strategy, Good understanding of security SLAs First-touch for alerts involving VIP detection Recommend and implement tuning and enhancement to defined alerting rules and SOPs The security specialist is responsible for conducting information security investigations because of security incidents identified by the tier 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, SNOW Tickets, Email and MDE), Performing day to day activities of the Content Team, including, Supporting, developing, executing testing of new content rules, fine tuning & documenting additions, deletions, and modifications of content rules. Update of all 'content' related information in security platforms (SIEM, Deep Packet Inspection, End Point Security tools). Maintaining direct and regular interaction with the organizational stakeholders to enhance content across the platforms, and mature the security program, based on risk posture, threat landscape, and changing business requirements. Working with cross-organization teams to evaluate the quality of provided data sources and recommending improvements to the sensing capabilities and coverage. Working with the other security functions to identify and apply Cyber Threat Intelligence from internal and external sources to the existing Content Library. Ability to work with various teams and lead them for any security incident to find the root cause with good analytical capability, make necessary actions to reduce them, set action plans to stop future attacks, and report to management for the overall situation. Initiate process improvement programs to enhance the efficiency of the SOC Maintain database / tracker for past incident trends to provide analysis and intel to manage future critical incidents. Join the critical and major incident call and provide inputs from past incidents to support to L1 / L2 resources for quick resolution of incidents, Post-incident, the IR Lead will make efforts to fix vulnerabilities, improve incident response strategies, and implement preventative security measures. Collect intrusion artifacts such as source code, malware, and trojans. Use the discovered data to enable mitigation of potential cyber defence incidents. Perform digital forensics which involves investigating and reconstructing cybersecurity incidents by collecting, analyzing, and preserving digital evidence, Experience identifying, investigating, and responding to complex attacks in the cloud or on premises. 7+Years of experience in SOC Operations. Strong understanding of threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware Strong hands-on experience with sentinel ES, including development of content, ingestion of feeds, and other platform administration functions Very good understanding of security tools / logs like FW, IPS / IDS, Sensors, EDR / NDR / XDR, Proxy, DNS, DDos, SIEM -sentinel, MITRE ATT&CK Framework (Must have), Sec -Ops, Service Strong understanding of SOAR, Play book Creation & Enhancement & Automation. Experienced in sentinel integration with monitoring tools like AWS CloudWatch, Cloud Trail, AppDynamics, SCOM, SolarWinds Strong understanding of how complex, multi-stage malware functions. Good Understanding of Windows & Linux Operating Systems. Manages sentinel knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts) Develop custom sentinel apps to meet customer needs in a variety of domains : IT infrastructure, financial, IT ops, Application management, human resources, physical security, PowerShell, and batch scripts; ability to develop scripts in these languages to support sentinel sentinel integration with ticketing tools, SOAR, Threat intelligence platforms etc. Knowledge of statistical modelling for anomaly, ML and outlier detection Security certifications like CEH, OSCP, CISSP, SANS GCIA, or CISM other SANS defence-related Strong understanding of the underlying sentinel infrastructure and components (lookups,
Description :
- The IR Lead is responsible for designing and implementing strategies to contain and eradicate threats.
- Respond to intrusion attempts, identifying full scope of impact and attack vector
- Lead response and investigation efforts into advanced / targeted attacks
- Experience with investigative technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools
- Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities.
- Assist in the design, evaluation and implementation of new security technologies.
What you do :
What we are looking for :
Now Good Understanding of OWASP top Vulnerability. ITSM Tools, sentinel ES.
etc.
certifications (GSOC / GCDA).
modular inputs, standard inputs, relationships between varying configuration files, etc.)
(ref : hirist.tech)
Create a job alert for this search
Incident Response • Bangalore
Related jobs
- Promoted
Incident Recovery Lead
Rakuten SymphonyBengaluru, Karnataka, India We are looking for a highly capable and technically adept.Major & critical incidents across our.You will take ownership of real-time incident management coordination, orchestrating recovery efforts...Show moreLast updated: 9 days ago
- Promoted
Senior Solution Consultant - Kinaxis (Rapid Response)
GenpactBengaluru, Karnataka, India At Genpact, we don’t just adapt to change—we drive it.AI and digital innovation are redefining industries, and we’re leading the charge.
If you thrive in a fast-moving, tech-driven environment, love...Show moreLast updated: 30+ days ago
- Promoted
L3 Server Engineer – Major Incident Management
Nextbridge IT Solutionshosur, tamil nadu, in Nextbridge IT Solutions is a US-based IT solution firm specializing in connecting exceptional talent with organizations driving transformation in infrastructure, cloud, and emerging technologies.We...Show moreLast updated: 21 days ago
- Promoted
Senior Security Consultant
Claranet Indiahosur, tamil nadu, in Founded at the beginning of the dot.CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business.
Since then, Claranet has grown from an Internet Service Provider (ISP)...Show moreLast updated: 30+ days ago
- Promoted
Amadeus Labs - Service Reliability Engineer - Incident Management
Amadeus LabsBangalore Job Title : Service Reliability Engineer 3 Summary Of The Role : Were looking for an experienced ...Show moreLast updated: 19 days ago
- Promoted
Security Consultant
World Wide Technologyhosur, tamil nadu, in Be the primary lead in cybersecurity delivery engagements for a wide variety of clients in different industry verticals.Evaluate and recommend security strategies for networks, systems, operations,...Show moreLast updated: 9 days ago
- Promoted
Trinity - DevSecOps Manager - Incident Management
TRINITYPARTNERS INDIA LLPBangalore Designation : Manager Experience : 8 to 14 years The DevSecOps Manager plays a pivotal role in guiding Trin...Show moreLast updated: 28 days ago
- Promoted
Incident Manager
ConfidentialBengaluru / Bangalore We are seeking an experienced Incident Manager to join our team.The ideal candidate will have 2-5 years of experience in incident management, with a proven track record of successfully managing inc...Show moreLast updated: 30+ days ago
- Promoted
Sap Incident Manager
ConfidentialBengaluru / Bangalore Responsible for SLA / KPI tracking, management and understanding the importance of SLA compliance to Mckesson business.Responsible for daily / weekly / monthly status updates to the business team.Respons...Show moreLast updated: 24 days ago
- Promoted
Incident Management Specialist
ConfidentialBengaluru / Bangalore, India Job Title : Security Incident Response Analyst.Skills Required : Incident Management Oracle SQL.Lead security incident response in a cross-functional environment and drive incident resolution.Lead an...Show moreLast updated: 23 days ago
- Promoted
Sr. Staff Engineer, Incident Management
ConfidentialBengaluru / Bangalore Data Loss Prevention components.Our comprehensive suite of services is designed to streamline incident handling, facilitate forensic investigations, and securely upload and download high-scale cust...Show moreLast updated: 30+ days ago
- Promoted
Intergration Consultant
project44Bengaluru, Karnataka, India We challenge the status quo because we know a better supply chain isn’t just possible—it’s essential.Decision Intelligence Platform,.
By transforming fragmented logistics data into real-time, AI-pow...Show moreLast updated: 14 days ago
- Promoted
Observe.AI - Infrastructure Security Leader - Incident Management
Observe.AIBangalore AI Observe.AI is the leading conversation intelligence platform for boosting contact center performance.Built on the industry's most accurate AI engine that anal...Show moreLast updated: 16 days ago
- Promoted
Incident Management
ConfidentialBengaluru / Bangalore Job Title : Incident Management.Notice period : immediate – 15 days.Candidate Should have experience in International Tech Support.
We are looking for an experienced Incident Management professional...Show moreLast updated: 30+ days ago
- Promoted
Incident Response Analyst
VontierBengaluru, Karnataka, India Information Security Senior Global Incident Response Analyst.The position is responsible for acting as a senior analyst during security incidents, coordinating efforts with various members of the I...Show moreLast updated: 13 days ago
- Promoted
Incident Manager IV
TalentojBengaluru, Karnataka, India Support, Engineering, and Infrastructure teams.You will enhance the customer experience by organizing and driving the investigation of production issues in our SaaS application, which consists of S...Show moreLast updated: 28 days ago
- Promoted
Incident Manager
Systal Technology SolutionsBangalore Incident Manager Competitive Salary and Benefits : Systal is an Information Technology services integrator.We help our custome...Show moreLast updated: 30+ days ago
- Promoted
Security Incident Responder
ConfidentialBengaluru / Bangalore, India WPP is the creative transformation company.We use the power of creativity to build better futures for our people, planet, clients, and communities.
Working at WPP means being part of a global networ...Show moreLast updated: 23 days ago
- Promoted
Incident Management Technician
ConfidentialBengaluru / Bangalore, India Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people.The Elastic Search AI...Show moreLast updated: 23 days ago
- Promoted
Technology Resilience Recovery Consultant
HCLTechBengaluru, Karnataka, India As a Technology Resilience & Recovery Consultant, you will play a pivotal role in fortifying the organization's cyber resilience and disaster recovery capabilities.
This role is critical to ensuring...Show moreLast updated: 20 days ago