Sr Engineer-Captive Operations

About The Company

Shift : 9x5

Skillset Must : Network forensic (Packet Capture and Re-Construction Capability), Knowledge on Threat Intelligence Platform (TIP)/ Anti APT/ EDR

• Certified with any threat hunting certification, or equivalent .
• Responsible for conducting all threat-hunting activities necessary for identifying the threats including zero day.
• Hunt for security threats, identify threat actor groups and their techniques, tools and processes.
• Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs).
• Familiarity with MITRE ATT&CK framework and mapping threats to techniques.
• Provide expert analytic investigative support to L1 and L2 analysts for complex security incidents.
• Proficiency in malware behavior analysis and sandboxing.
• Perform analysis of security incidents for further enhancement of rules, reports, AI/ML models.
• Perform analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors uncovering the unknown about internet threats and threat actors.
• Analyse logs, alerts, suspicious malwares samples from all the SOC tools, other security tools deployed such as Anti-Virus, Anti APT solutions, EDR, IPS/IDS, Firewalls, Proxies, Active Directory, Vulnerability assessment tools etc.
• Using knowledge of the current threat landscape, threat actor techniques, and the internal network, analyze log data to detect active threats within the network. Build, document and maintain a comprehensive model of relevant threats to customer.
• Proactively identify potential threat vectors and work with team to improve prevention and detection methods.
• Identify and propose automated alerts for new and previously unknown threats.
• Incident Response for identified threats.
  

 Strong knowledge of APT lifecycle, tactics, techniques, and procedures (TTPs).

 Hands-on experience with Trellix (formerly McAfee) APT solutions, EDR, and Threat Intelligence.

 Proficiency in malware behavior analysis and sandboxing.

 Familiarity with MITRE ATT&CK framework and mapping threats to techniques.

 Experience with security monitoring tools such as SIEM, SOAR, EDR, and Threat Intelligence Platforms (TIPs).

 Solid understanding of network protocols, endpoint protection, and intrusion detection systems.

Required Qualifications

• Education: B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology.
• Experience: Minimum 6+ years of relevant experience in Security Operations, Threat Detection, or Incident Response.
• Certification : CSA/CEH