Assistant Manager-Captive Operations

Experience Required: 4+ years in Cybersecurity, with 2+years hands-on Anti APT tool and in IR

Reports To: Security Operations Lead / SOC Manager

Job Summary:

We are looking for a highly skilled Anti-APT and IncidentResponse Specialist to lead the detection, analysis, and remediation ofsophisticated cyber threats, including Advanced Persistent Threats (APTs). Thecandidate will work closely with threat intelligence, SOC, and forensic teamsto respond to incidents, contain threats, and fortify the environment againstfuture attacks.

Key Responsibilities:

Anti-APT Operations:

• Monitor for indicators of APT campaigns using threat intelligence feeds, SIEM, EDR, NBAD, and anomaly detection tools.
• Identify and analyze tactics, techniques, and procedures (TTPs) used by threat actors aligned with MITRE ATT&CK.
• Leverage threat intelligence to proactively hunt and neutralize stealthy threats.

Incident Response (IR):

• Lead and execute all phases of incident response: identification, containment, eradication, recovery, and lessons learned.
• Perform forensic analysis on systems and logs to determine the root cause, scope, and impact of security incidents.
• Collaborate with IT, SOC, and legal/compliance teams during major incidents and breach investigations.
• Create and maintain IR playbooks, response workflows, and escalation procedures.

Detection and Prevention:

• Work with SIEM and SOAR teams to improve alert fidelity and develop custom correlation rules.
• Coordinate with endpoint, network, and cloud teams to plug gaps and strengthen defenses post-incident.
• Assist in configuring anti-APT technologies like sandboxing, deception platforms, and EDR/XDR solutions.

Required Skills and Qualifications:

• Strong knowledge of APT groups and attack frameworks (e.g., MITRE ATT&CK, Lockheed Martin Kill Chain).
• Hands-on experience in incident response, digital forensics, threat hunting, and malware analysis.
• Proficiency with tools such as:
• EDR (e.g., CrowdStrike, SentinelOne, Carbon Black)
• SIEM (e.g., Splunk, QRadar, ArcSight)
• Forensics tools (e.g., FTK, EnCase, Volatility)
• Threat intel platforms (MISP, Anomali, ThreatConnect)
• Strong understanding of Windows/Linux internals, memory/process analysis, and network forensics.
• Experience writing detection rules (Sigma, YARA) and incident reports.

Preferred Qualifications:

• Certifications: GCIH, GCFA, GNFA, CHFI, OSCP, or similar.
• Experience with APT campaigns linked to sectors like government, BFSI, or critical infrastructure.
• Exposure to cloud incident response (Azure, AWS, GCP) and OT/ICS threat environments.

Education Requirements :

BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA

Certification :

• CEH/CSA/CHFI