Assistant Manager-Captive Operations

Organisation : Novamesh Ltd (TATA Commununications Ltd)

Position : L3, Location - Jaipur

Shift : 9x5

Job Summary:

We are looking for an experienced System and Network Forensics Specialist to conduct detailed investigations into cyber incidents, data breaches, and suspicious network activity. The candidate will analyze logs, artifacts, memory dumps, and network traffic to identify root causes, attacker techniques, and indicators of compromise (IOCs). This role plays a key part in incident response and threat attribution efforts.

Key Responsibilities:

System Forensics:

• Acquire and analyze forensic images of workstations, servers, and storage devices using tools like FTK, EnCase, X-Ways, Autopsy.
• Perform memory analysis using Volatility or similar tools to extract runtime evidence.
• Examine system logs, registry, file metadata, prefetch files, and persistence mechanisms.
• Recover deleted files, examine file access patterns, and identify malicious executables or scripts.

Network Forensics:

• Analyze PCAP files and live network captures using Wireshark, Zeek (Bro), tcpdump, or NetworkMiner.
• Reconstruct sessions to identify lateral movement, exfiltration, beaconing, or C2 communications.
• Correlate network events with endpoint activity and threat intelligence to understand attack paths.

Reporting & Collaboration:

• Document findings, timelines, IOCs, and technical evidence in clear forensic reports.
• Support legal and HR teams in internal investigations with chain-of-custody adherence.
• Collaborate with SOC, threat intelligence, and incident response teams during investigations.
• Recommend detection or preventive controls based on forensic analysis.

Required Skills and Qualifications:

• Strong understanding of OS internals (Windows/Linux), file systems (NTFS, EXT4), and memory structure.
• Hands-on experience with forensic toolkits and analysis frameworks.
• In-depth knowledge of networking protocols (TCP/IP, DNS, HTTP/S, SMB).
• Familiarity with malware behavior, rootkits, persistence techniques, and anti-forensic methods.
• Experience documenting forensic findings for both technical and non-technical audiences.
• Working knowledge of legal processes related to digital evidence handling.

• Familiarity with SIEMs (e.g., Splunk, QRadar) and EDR tools (e.g., CrowdStrike, SentinelOne). NBAD etc
• Experience with MITRE ATT&CK, threat hunting, or reverse engineering.

Required Qualifications:

• Education:
  B.E./B.Tech/MCA/M.Sc. in Computer Science or Information Technology.
• Experience:
  Minimum 5+ years of relevant experience in Security Operations, Threat Detection, or Incident Response.

• Certification : GCFA, GCFE, CHFI