*Looking for someone with strong IR & Investigation Skills with basic/mid level knowledge of Forensics*This Job Role addresses the following activities:Cyber Security Incident ResponseDigital Forensics and InvestigationJob Accountabilities:Plan and Oversee daily activities of forensic analysts and incident respondersConduct forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measuresConduct network forensics, intrusion analysis, malware analysis and reverse engineering, threat intelligence fusion (wherever possible/ required) to identify the root cause / patient zeroBuild knowledge and skills within the team on latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basisWork with red team/ penetration testing teams to strengthen detection and response measures for advanced attacks and contribute to the knowledgebase of the Cyber Defence CenterAble to conduct manual investigation of Cyber Incident by correlating logs, events from multiple devices, servers, etc.Able to develop standard operating procedures, playbooks for Cyber Incident Response.Contribute to enhanced detection capabilities of the CDC using threat intelligence and drive innovation and efficiency of the Cyber Defence Center by leading automation initiativesBe responsible for accuracy, timeliness of the forensics investigation incidents and examinations and provide relevant reports, dashboards, metrics for periodic reviews and management presentationsCo-ordinate with stakeholders, build and maintain positive working relationships with themSkills Required (Knowledge and Skills)Technical competencies:Deep knowledge of OS internals (Windows, Linux), Active Directory and typical vulnerabilities and misconfigurations and associated exploitation techniques and scriptingIn-depth practical knowledge and experience in application of TTPs, MITRE Framework in securing an enterprise environmentWorking knowledge of at-least 1 EDR and SIEM tools (commercial or open source)Expertise in server and mobile forensic tools such as Autopsy, FTK, Encase, Oxygen, Cellebrite, Wireshark, RAM analysis, Registry analysis tools etcSignificant experience in investigating complex, multi-location security breaches and creation of detailed forensic investigation reports and presentations for variety of stakeholdersExperience of rapid rule development in response to newly released attacks, IOCs will be a plusResearch bent of mind and passion for keeping up-to-date with the latest threat landscape and adversarial techniquesNon-technical competencies:Logical thinker with attention to detailStrong collaborative skills and proven ability to work in a diverse team of security and IT professionalsProcess orientedMeticulous and methodical approach to documentationGood interpersonal skills to interact and gather relevant information from a variety of stakeholders such as IT, Network and Security teamsExcellent verbal and written EnglishAbility to work with calm and patience in high pressure situations in a dynamic environmentKey Attributes (Experience and Qualifications):BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute5-8 years of relevant experience in Forensics, Incident Analysis and InvestigationExcellent verbal and written communication skills and customer management skillsCertification as a CHFI, GCIH or GCFA would be an advantage (desired)