Incident Response and Governance - Specialist

Reporting Structure

Reports to Lead – Security Operations Centre

Location – Mumbai

Education

·       Bachelor's degree in Cybersecurity, Information Technology, or a related field (preferred).

Experience/ Qualifications

·       3-6 years of working experience in a security operations center or relevant.

·       Experience with incident response frameworks and methodologies (e.g., MITRE ATT&CK)

·       Strong knowledge of incident response, incident management, change management, process flow, etc. and their best practices.

·       Excellent communication and collaboration skills

·       Ability to work independently and as part of a team

·       Ability to handle pressure and work effectively in a fast-paced environment

·       Experience with security tools and technologies (e.g., SIEM, SOAR, EDR) a plus

·       Knowledge of legal and regulatory requirements related to data breaches a plus

·       Good understanding of Incident life cycle and Triage process.

·       Good experience in OS logs, WAF, IPS, firewall etc. log analysis.

·       Insight knowledge about DFIR and Malware analysis

·       Knowledge of Threat Intelligence and Security Advisories research and analysis would be added advantage.

Industry

·       Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

Incident Detection and Triage:

• Monitor security systems and SIEM for potential security incidents
• Analise alerts and events to determine their severity and potential impact
• Prioritize incidents based on risk and potential business impact
• Document and escalate incidents as needed

Incident Response:

• Contain incidents to prevent further damage or data loss
• Collect and analyze evidence to determine the root cause of the incident
• Develop and implement remediation plans to address the incident
• Eradicate the threat and prevent future occurrences
• Document the incident response process for future reference

Communication and Collaboration:

• Communicate effectively with internal stakeholders, including system administrators, IT operations, and business units
• Collaborate with external vendors and law enforcement as needed
• Prepare and deliver incident reports and updates to senior management

Threat Intelligence:

• Stay up-to-date on the latest cyber threats and vulnerabilities
• Share threat intelligence with other security professionals within the organization
• Contribute to the development and improvement of the organization's security posture

Industry Certifications

·       Technical certifications: CompTIA security+ \ CEH or relevant

·       Security Standard frameworks: ISO/NIST/PCI-DSS

·       Incident Handling and relevant certification