Principal Threat & Incident response Engineer
Chennai, TN, India
Job ID: 35597
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
- Investigate incidents leveraging forensics tools including Encase, FTK, X-Ways, Axiom, SIFT, and Splunk to determine source of compromises and malicious activity that occurred.
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- Maintaining proper chain of custody of evidence and associated documentation
- Testifying in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.
Skills & Experience
- 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase tool.
- 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
- 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent)
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud services.
- Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
- Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
- Deep understanding of internals and constructs of modern operating systems.
- Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Relevant security certifications (EnCE, OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).
Job Qualifications and Educational Requirements
- Bachelor’s degree from an accredited University or equivalent work experience
- Work Experience: 10+ years; 5+ directly related to role
- Pass a proficiency exam related to the role