Senior Consultant - Security Operations
Hyderabad, IN
Responsibilities:
• Define, identify, and classify information assets, assess threats and vulnerabilities regarding those assets, as well as recommend appropriate information security controls and measures.
• Detect, analyze, respond to, and lead security incidents, including attempted and realized application and network breaches. Incident response should draw on host- and network-based log analysis, correlation of network indicators, PCAP data, incident timeline generation, and root cause analysis, among other data sources.
• Correlate event data from IDS systems, firewalls, Secure Web Gateways, SIEM, and other security systems to identify potential threats.
• Create and modify Kusto Queries (KQL functions) for Azure Sentinel analysis and investigations.
• Research and identify key indicators of compromise (IOC) on the network, servers, and end user workstations.
• Investigate and analyze causes, patterns and trends that can pose a risk to data integrity and information systems.
• Investigate security breaches and create actionable plans to address risks.
• Prepare detailed written analyses of incidents with remediation and prevention documentation.
• Provide briefing of findings to both technical and non-technical senior management audiences and business stakeholders.
• Maintain current knowledge on a wide range of security issues including architectures, firewalls, electronic data traffic and network access.
• Stay current with security news, attacks, threats, vulnerabilities, and technologies, and implement new defenses as the threat landscape evolves.
• Adhere to ethical standards and comply with the laws and regulations applicable to the job function.
Education, Certifications, or Special Licenses:
• A bachelor’s degree in Computer Science, Computer Engineering, or an equivalent combination of education and experience from which comparable knowledge and abilities can be acquired.
• GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Network Forensic Analyst (GNFA), AWS Certified Security – Specialty, or other industry-relevant (cloud-focused) certifications.
Relevant Years of Experience Required:
• Minimum of 3 years of progressively responsible experience in an Information Security and/or Cyber Operations environment at a mid- to large-sized organization, with familiarity with industry-standard security solutions.
• Minimum of 3 years’ experience with Perl, Python, or another scripting language in an incident handling environment.
• Cloud security experience required.
• Experience with core AWS services such as EC2, VPCs, S3, SNS, Lambda, CloudWatch, and CloudTrail, and with AWS security services such as GuardDuty and Macie, is a plus.
Other Requirements:
• Strong hands-on cyber security skills and demonstrated competency in cyber threats, information security, monitoring, detection, and response to security incidents.
• Strong knowledge and understanding of incident response phases (detection, triage, incident analysis, remediation, and reporting), threats, vulnerabilities, and exploits.
• Proven experience designing, implementing, and managing innovative solutions to complex security and infrastructure environments.
• In-depth understanding of operating systems, network/system architecture, protocols, enterprise services, and enterprise architecture design.
• Ability to analyze different data types from various sources and draw conclusions regarding past and potential current security incidents.
• Experience and/or knowledge of Security Information and Event Management (SIEM) systems.
• Capability to quickly script and parse data.
• Ability to work independently, self-motivate and work within a team environment.
• Strong critical thinking, analytical and technical problem-solving skills.
• Excellent verbal and written communication skills.