Incident Responder (L3 / CSIRT Lead)
Innspark
5 - 10 years
Delhi
Posted: 07/03/2026
Job Description
Job Title: Incident Responder (L3 / CSIRT Lead)
Department: Security Operations Center (SOC) / CSIRT
Location : Delhi
Candidates from in and around Delhi alone are preferred
Role Summary
The Incident Responder (L3 / CSIRT Lead) is responsible for leading the incident response lifecycle for high-severity and critical cybersecurity incidents, conducting digital forensic investigations, coordinating multi-team response activities, ensuring regulatory reporting compliance, and continuously improving incident response capabilities within the organisation.
Key Responsibilities
- Lead the incident response lifecycle for all high-severity and critical incidents, from initial detection through containment, eradication, recovery, and post-incident review, ensuring compliance with CERT-In mandatory reporting timelines.
- Execute SOAR-orchestrated response playbooks for rapid containment; where automation gaps exist, perform manual containment actions (network isolation, account disablement, IOC blocking) while coordinating with IT operations, network, and application teams.
- Conduct digital forensic analysis, memory acquisition and analysis (Volatility, Rekall), disk forensics (Autopsy, FTK), network forensics (Wireshark, Zeek), and malware triage (static/dynamic analysis) to establish full incident scope, root cause, and adversary TTPs.
- Author detailed post-incident reports: executive summary, technical timeline, root cause analysis, MITRE ATT&CK mapping, evidence inventory, impact assessment, and remediation recommendations within 72 hours of incident closure; present lessons learned to CISO.
- Maintain and continuously improve incident response plans, playbooks, and standard operating procedures; conduct quarterly tabletop exercises and annual full-scale IR simulations; update procedures based on real-world incident findings and the evolving threat landscape.
Educational Qualification
- B.Tech / M.Tech in Computer Science, Information Security, Digital Forensics, or Cybersecurity.
Experience Requirement
- Minimum 7 years in cybersecurity, of which at least 4 years in incident response / CSIRT roles.
Technical Skill Requirements
- Expert-level proficiency in digital forensics tooling, memory forensics (Volatility/Rekall), disk forensics (Autopsy/FTK/X-Ways), network forensics (Wireshark/Zeek/NetworkMiner), and malware analysis (IDA Pro/Ghidra, Cuckoo/Any.Run).
- Demonstrated experience coordinating multi-team incident response across organisational boundaries, working with network operations, system administrators, application teams, legal, and communications under high-pressure, time-critical conditions.
- Thorough understanding of Indian cyber incident reporting requirements (CERT-In directions 2022), IT Act 2000 provisions relevant to incident evidence handling, and coordination protocols with NCIIPC for critical infrastructure incidents.
Company Website : https://innspark.in/
