The onset of organised cyber crime at a very sophisticated level necessitates a robust cyber defence mechanism. The Cyber Defence Manager will cover the incident response and forensic investigation aspects of cyber security in M. The Cyber Defence Manager should have 15 years of experience, including at least 5+ years in cyber incident response and forensics. The responsibilities of this role will be to develop incident response playbooks, respond to incidents, carry out containment steps in collaboration with internal and external stakeholders, collect digital evidence related to incidents, and perform forensics for incidents, training, analysis and legal proceedings.
The individual should also have exposure to the cyber incident response process in order to understand attacks and respond to the methodologies adopted by attackers.
Responsibilities and Scope:
- Act as the point of contact in case of an incident and manage it from detection through closure and post-incident analysis.
- Communicate appropriately with all concerned stakeholders to prevent any further damage from an incident.
- Threat hunting and advanced threat management will be the primary focus of this role, along with in-depth investigation of, and support for, incidents escalated from the SOC.
- Carry out containment of cyber attacks in order to prevent further infections.
- Assess the contractual and legal impact of a cyber security incident.
- Provide a scene / fieldwork response to digital investigations from the case strategy through to the investigation into recovered digital media.
- Own the Major Security Incident process and drive Major Security Incidents when they occur; this will also be one of the key responsibilities.
- Strong knowledge of malware analysis would be a plus, as would the ability to conduct detailed analysis of security-related events such as phishing, malware, DoS/DDoS, application-specific attacks and ransomware.
- Form visualisations of cyber attacks and propose remedial steps based on the attack patterns.
- Also involves communicating with key business units to make recommendations on mitigation and prevention techniques.
- Technical know-how of the organisation’s applications, systems, network and infrastructure.
- Deep understanding of technologies and architecture in a highly scalable enterprise network
- Deep understanding of the logging mechanisms of the Windows, Linux and macOS platforms, and of networking.
- Proficiency with any of the following: EDR, Anti-Virus, Vulnerability Management, HIPS, NIDS/NIPS, Full Packet Capture, Host-Based Forensics, Network-Based Forensics, and Encryption.
- In-depth knowledge of the architecture, engineering, and operations of any one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk).
- Advanced certifications such as SANS GIAC / GCIA / GCIH, CISSP or CASP, and/or SIEM-specific training and certification, are an added advantage.
- At least 5 years of experience as lead investigator and 3 years of experience as lead analyst in a Security Operations Centre (SOC).
- Expertise in IRP (Incident Response Playbook) creation and execution.
- Above 12 years of experience with technical depth as well as good people skills.
- Good communication skills to coordinate among the various stakeholders of the organisation.
Nice to Have:
- Scripting skills for automation in Windows, Linux and Unix environments.
- Good understanding of the offensive and defensive sides of security.
- Excellent communication skills.
- Ability to work outside of working hours.
Apart from all the general benefits of best-in-industry compensation, equity, healthcare etc., Myntra prides itself on calling out the big hand for you to be in a Great Work, Great People and Great environment. We call ourselves an incubator for engineers, where you get all the optimal conditions to do and experience your best.