Azure Sentinel L1 Analyst

Overview

LTIMindtree Limited is an Indian multinational information technology services and consulting company. A subsidiary of Larsen & Toubro, the company was incorporated in 1996 and employs more than 90,000 people.

Job Description

Improving the alert signal-to-noise ratio and developing incident response workflows that can be automated.
Perform security monitoring gap analysis using the MITRE ATT&CK framework and build the corresponding process/framework for continuous evaluation and for increasing detection coverage.
Provide support to the Security Operations Center (SOC) L1/L2 analysts during incident response, event monitoring, and threat-hunting activities.
Responsibilities include cyber threat analysis support, research, and recommending appropriate remediation and mitigation.
Deep understanding of several of the following fields: email security (including PDF and document analysis), digital media forensics, monitoring and detection, incident response, vulnerability assessment, penetration testing, cyber intelligence analysis, and network analysis.
Trending and correlation of monitored events to build new Indicators of Compromise (IOCs), attack attribution, and helping establish countermeasures that increase cyber resiliency.
Identification of advanced cyber threat activity; endpoint detection and response (EDR), intrusion detection, incident response, malware analysis, and security content development (e.g., signatures, rules); and cyber threat intelligence.
Being flexible to work in a 24x7 environment as business needs require.

Skills & Requirements

Ability to manage P1/P2 security incidents through their full lifecycle (incident handling).
Intermediate-level understanding of ATP, EDR, API security, and identity management.
Security incident response and triage, including root cause analysis.
Sound understanding of different log sources and event correlation.
Security use-case development and fine-tuning based on requirements (hands-on experience with Azure Sentinel and Kusto Query Language (KQL) preferred).
Developing incident response plans and working with the team to contain identified threats.
Tuning threat detection to minimize noise and amplify signal.
Design of new SOC workflows, metrics, reports, dashboards, and processes to improve SOC scalability and efficiency.
Maintaining proficiency by following the latest trends and developments in cyber security.
Performing security automation to solve security use cases within the organization and continually improving threat detection capability and accuracy.
Advanced domain knowledge of cyber security and threat hunting (active hunting on network flow, user behavior, and threat intelligence); SIEM (Azure Sentinel); ability to comprehend logs (HTTP, SMTP, network); Windows Active Directory; operating systems and servers.
Well-versed in different attack vectors/TTPs and able to simulate non-invasive attacks as needed.
Ability to design and implement new approaches for detecting attacks and effective containment techniques, including scripting, analytics, and automation.
Experience working with a selection of SIEM, TIP, and malware analysis tools and multiple sources of threat intelligence to properly categorize suspicious behavior.
The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
Excellent written and verbal communication skills, interpersonal and collaborative skills.
Must be a critical thinker with strong problem-solving skills.
Ability to work independently, enjoys learning, and stays current with industry developments, regulations, and best practices.
Preferred security certifications: CompTIA Security+, CHFI, CEH, SANS, Certified Incident Handler, AZ-500, and AZ-900/SC-200.
Hands-on SIEM experience with analysis of and/or response to information security threats or incidents.
Experience performing performance health checks, tuning and optimization, and integrating log sources into SIEM technologies.
Install, configure, build, and fine-tune SIEM tools to set up an effective information security support/operation.
Establish KPIs, review and manage security logs, and provide reports based on KPIs and metrics.
Hands-on knowledge of correlation rule creation, update, and deletion.
Good understanding of ITIL processes and ISO/PCI DSS, including change management, incident management, and problem management.
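As an added illustration of the use-case development, detection tuning and ATT&CK-mapped coverage items above, the following is a Sentinel scheduled analytics rule query in KQL (the Kusto Query Language the posting asks for) that detects password spraying (MITRE ATT&CK T1110.003) against Azure AD / Entra ID sign-ins and applies the tuning an analyst adds to keep it from paging on noise. It is an example written for this page, not code from LTIMindtree or from the posting; the SigninLogs table and its ResultType codes are real, while the thresholds and the allowlist of known noisy sources are assumptions chosen for illustration.

```kql
// Added example, not from the job posting.
// Use case: password spraying (ATT&CK T1110.003) from a single source IP.
// Assumptions (not on the page): SigninLogs is connected to the workspace,
// the two thresholds below, and the constructed allowlist of noisy sources.
let lookback = 1h;
let minDistinctUsers = 10;   // assumed: many distinct accounts from one source
let minFailures = 20;        // assumed: enough failures to be worth an incident
// Noise reduction: sources that legitimately produce bulk failures
// (e.g. an internal auth scanner). Constructed data; in production this
// belongs in a Sentinel watchlist rather than inline in the rule.
let KnownNoisySources = datatable(IPAddress:string, Reason:string)
[
    "203.0.113.10", "internal auth scanner (constructed example)"
];
// Signal: one IP failing credential checks across many distinct accounts.
let Spray = SigninLogs
    | where TimeGenerated > ago(lookback)
    // 50126 bad password, 50053 locked, 50055 expired, 50057 disabled
    | where ResultType in ("50126", "50053", "50055", "50057")
    | where isnotempty(IPAddress)
    | join kind=leftanti KnownNoisySources on IPAddress
    | summarize
        FailedUsers = dcount(UserPrincipalName),
        Failures = count(),
        SampleUsers = make_set(UserPrincipalName, 5),
        Apps = make_set(AppDisplayName, 5),
        StartTime = min(TimeGenerated),
        EndTime = max(TimeGenerated)
      by IPAddress
    | where FailedUsers >= minDistinctUsers and Failures >= minFailures;
// Amplify the signal: did the same source then authenticate successfully?
// A spray followed by a success is the case that must go to P1/P2 handling.
let Success = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize SucceededUsers = make_set(UserPrincipalName, 5),
                SuccessCount = count()
      by IPAddress;
Spray
| join kind=leftouter Success on IPAddress
| extend FollowedBySuccess = coalesce(SuccessCount, 0) > 0
| project-away IPAddress1
| order by FollowedBySuccess desc, FailedUsers desc
```

When this is saved as a scheduled rule, the IPAddress and SampleUsers columns are the natural entity mappings (IP and Account), and the rule's ATT&CK tactic/technique fields (Credential Access, T1110) are what make it count toward the coverage gap analysis mentioned in the job description. Tuning happens in three places: the allowlist, the two thresholds, and the FollowedBySuccess flag, which lets the same query raise a higher severity for the spray-plus-success case without a separate rule.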