Incident response & Handling - Assistant Manager | Deputy Manager

Role & responsibilities

• Overall experience of at least 5+ years in SIEM monitoring and Cyber security Incident response and Management.
• Core Incident Response Knowledge: Deep understanding of the incident response lifecycle, cyber kill chain, and MITRE ATT&CK framework.
• Operating Systems: Expertise in Windows, Active Directory, DNS, and Linux platforms.
• SIEM Platforms: Strong experience with QRadar, Microsoft Sentinel, and other SIEM tools.
• SOAR Tools: Proficiency in tools like Cortex XSOAR, Splunk Phantom, and Demisto for orchestrating response.
• EDR Technologies: Hands-on experience with tools like CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, etc.
• Log Analysis: Ability to interpret raw logs and perform correlation across diverse systems (network, endpoint, applications).
• Digital Forensics: Experience with EnCase, FTK, or other forensics toolsets; able to perform memory, disk, and network forensics.
• Malware Analysis: Strong understanding of malware behavior, obfuscation techniques, and basic reverse engineering.
• Communication: Strong verbal and written communication skills, capable of briefing technical and non-technical stakeholders.
• Process Orientation: Ability to document, optimize, and maintain response processes and runbooks.
• ITSM Tools: Familiarity with ITSM platforms (e.g., ServiceNow) for managing incidents and workflows.

Preferred candidate profile

The role requires strong skills in incident response and digital forensics to effectively minimize the impact of cyber risks. The individual will be responsible for overseeing security monitoring, managing security tools and operations, and ensuring security incidents are handled efficiently and reported to relevant stakeholders.

This role primarily involves acting as a first responder and conducting in-depth incident response activities on behalf of a diverse range of clients across various sectors. Candidates must be capable of operating in complex security environments and working collaboratively with the SOC team to design, communicate, and execute incident response, containment, and remediation plans. They will support incident response analysts and incident management teams, while also evaluating tools, processes, and procedures for handling cyber intrusionscontinuously identifying new and improved methods for detecting and responding to adversarial threats.