Cyber Incident Responder

Organization: At CommBank, we never lose sight of the role we play in other people’s financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Job Title: Cyber Incident Responder
Location: Bangalore-Manyata Tech Park

Business & Team: The Cyber Attack Response Team (CART) enables the Group to respond to cyber security events and incidents. The team serves as the Tier 2 cyber incident response function and is responsible for investigation, remediation and post-incident activities.

Impact &contribution: As a Cyber Security Incident Responder you will be responsible for responding to cyber attacks through preparation, investigation, remediation, and post-incident activities. The role involves working closely with various departments to ensure the organisation's ability to prevent, detect, and respond to cyber security incidents is continuously improved.

Roles & responsibilities:

As a Cyber Security Incident Responder, you will:

• Respond to escalated cyber security incidents while capturing essential details and artefacts.
• Analyse security logs and data to detect malicious activities, including malware reversal.
• Coordinate and investigate cyber security events and incidents based on documented playbooks, Standard Operating Procedures, and the Group’s Cyber Incident Response Plan.
• Utilise sensor data and correlated logs containing Operating System events, IDS/IPS, AV, web application firewalls, web proxy, and similar data to establish context and scope.
• Collaborate with different teams to contain and eradicate threats.
• Document incident details and maintain incident response records.
• Develop and implement incident response plans and procedures.
• Maintain incident response documentation, participate in post-mortems, and write incident reports.
• Demonstrate thought leadership in the enhancement of incident detection, response, and threat hunting capabilities.
• Contribute to projects that enhance the security posture of the group.
• Identify trends, potential new technologies, and emerging threats, which may impact the Group.

Essential skills:

• Experience: 5+ years of experience in cyber security, with a focus on incident response. Hands-on experience with security systems, firewalls, intrusion detection systems, and endpoint protection solutions.
• A proficiency in Splunk or other SIEM tools
• A proficiency in Microsoft Defender for Endpoints (MDE) or other Endpoint Detection and Response (EDR) tools
• A strong understanding of networking principles
• Experience in incident management, with a strong emphasis on comprehensive documentation, integrity, and accountability.
• Experience with cloud security and knowledge of cloud platforms such as AWS or Azure.
• Experience with automation and scripting languages such as Python, PowerShell, or Bash.
• Possess the knowledge and skills to reverse-engineer malicious software (malware).
• The capability to learn fast, and a knack to analyse computer system activity to understand and assess cyber threats.
• An ability to document and explain technical details clearly and concisely for different audiences.
• Technical Skills: In-depth knowledge of operating systems, network protocols, and cyber security tools.
• Analytical Skills: Strong analytical and problem-solving skills. Ability to analyse complex security issues and develop effective solutions.
• Communication Skills: Excellent verbal and written communication skills. Ability to convey technical information to non-technical stakeholders.
• Attention to Detail: High level of attention to detail and accuracy. Ability to work meticulously under pressure.
• Team Player: Ability to work collaboratively in a team environment. Proven ability to build strong working relationships with colleagues and stakeholders.
• Ethical Standards: High ethical standards and integrity. Commitment to maintaining confidentiality and protecting sensitive information.
• Relevant certifications such as GIAC Certified Incident Handler (GCIH), or GIAC Reverse Engineering Malware (GREM) are a plus.

Education Qualification: Bachelor’s degree or Master’s degree in Engineering in Computer Science/Information Technology