Senior Manager - Information Security (Cyber Defence & Investigation)

Bengaluru

Job Description

The rise of organised cybercrime operating at a very sophisticated level necessitates a robust cyber defence mechanism. The Cyber Defence & Investigation Manager will cover incident response planning through to lessons-learnt documentation, as well as the security investigation aspects of cybersecurity at Myntra. The cyber defence manager should have 14 years of experience, including a minimum of 5+ years in incident response and investigations. The responsibilities of this role are to develop incident response playbooks, respond to incidents, carry out containment steps in collaboration with internal and external stakeholders, collect digital evidence related to incidents, and perform incident investigations in support of training, analysis and legal proceedings.

The individual should have exposure to the cyber incident response and security investigation process in order to understand attacks and respond to the methodologies adopted by attackers.


Responsibilities and Scope:

  • Develop and sustain an incident response strategy covering the enterprise and product landscape, which should include policy, procedures and playbooks
  • Be the point of contact in case of an incident; manage the incident from detection through closure and post-incident analysis, and communicate with all concerned stakeholders to prevent any further damage from the incident
  • Planning and executing threat hunting will be the primary focus of this role, along with in-depth investigation of and support for incidents escalated from the SOC
  • Lead the technical and incident responders during cybersecurity events and take responsibility for the timely identification of threats and minimising further risk to Myntra information assets and services
  • Ensure the completion of post-incident reviews, assess the effectiveness of controls and of detection and response capability, and support the required improvements with the control or capability owners
  • Assess the contractual and legal impact of a cybersecurity incident
  • Provide detailed reporting on digital investigations, from the case strategy through to the investigation of recovered digital media
  • Collaborate with internal and external stakeholders for incident response and investigations
  • Build visualisations of cyber attacks and propose remedial steps based on the attack patterns
  • Communicate with key business units to make recommendations on mitigation and prevention techniques
  • Be the subject matter expert (SME) on incident response processes, tools and approaches for the wider team and other stakeholders
  • Identify learnings from incidents that can be fed into security monitoring, identification, analysis, mitigation, post-incident activity and continuous improvement of the information risk incident management process
  • Contribute to and/or drive special projects by providing expertise, guidance and leadership
  • Strong knowledge of malware analysis would be a plus, as would the ability to conduct detailed analysis of various security-related events such as phishing, malware, DoS/DDoS, application-specific attacks, ransomware, etc.

Must-Have:

  • Experience working in large-scale, complex environments
  • Experience writing security documentation in the form of incident response procedures or playbooks
  • Knowledge of incident and service management, and of tools for reporting and trending
  • Technical know-how of the organisation's applications, systems, network and infrastructure
  • Deep understanding of the technologies and architecture of a highly scalable enterprise
  • Knowledge in network and logging mechanisms of operating systems, platforms and networking
  • Proficiency with any of the following: EDR, Anti-Virus, Vulnerability Management, HIPS, NIDS/NIPS, Full Packet Capture, Host-Based Forensics, Network-Based Forensics, and Encryption
  • In-depth knowledge of architecture, engineering, and operations of any one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
  • Advanced certifications such as SANS GIAC / GCIA / GCIH, CISSP or CASP, and/or SIEM-specific training and certification, are an added advantage
  • At least 5 years of experience as a lead investigator and 3 years of experience leading a Security Operations Centre (SOC)
  • Expertise in IRP (Incident Response Playbook) creation and execution
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative and actionable manner.
  • Good communication skills to coordinate among various stakeholders of the organisation

Nice to Have:

  • Scripting skills for automation in Windows, Linux and Unix environments
  • Good understanding of the offensive and defensive side of security
  • Excellent communication skills
  • Ability to work outside of working hours