Associate Principal Engineer - Cyber Defense
The Associate Principal Engineer will cover the incident response and forensic investigation aspects of cybersecurity at Myntra. The Associate Principal Engineer should have at least 3 years of experience, with a minimum of 3+ years in cyber incident response and forensics. The responsibilities of this role include collaborating with internal and external stakeholders, collecting digital evidence related to incidents, and performing triage, analysis, forensics, and reporting.
The individual should also have exposure to the cyber incident response process in order to understand attacks and respond to the methodologies adopted by attackers.
Responsibilities and Scope:
- Investigate, document, and report on information security issues and emerging threats
- Provide Incident Response (IR) support when analysis confirms an actionable incident
- Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms to identify and triage security incidents affecting the enterprise
- Perform threat hunting along with in-depth investigation of, and support for, incidents escalated from the SOC
- Assess the security impact of security alerts and traffic anomalies to identify malicious activity, and take mitigating actions or escalate to senior members of the team as appropriate
- Define and document playbooks, standard operating procedures, and IR process
- Document the results of cyber threat analysis effectively and prepare a comprehensive analysis report for Incident Response
- Utilize security tools and technologies to analyze potential threats to determine impact, scope, and recovery
- Collaborate with internal and external incident response teams
- Strong knowledge of malware analysis would be a plus, as would the ability to conduct a detailed analysis of various security-related events such as Phishing, Malware, DoS/DDoS, Application-specific Attacks, Ransomware, etc.
- Communicate with key business units to make recommendations on mitigation and prevention techniques
- Research and explore the enrichment and correlation of existing data sets to provide deep threat analysis
- Contribute and/or drive special projects by providing expertise, guidance, and leadership
- Perform and/or interpret internal and external vulnerability scanning
- Technical know-how of the organisation's applications, systems, network and infrastructure
- Deep understanding of technologies and architecture in a highly scalable enterprise network
- Deep understanding of the logging mechanisms of Windows, Linux, and macOS platforms, and of networking
- Proficiency with any of the following: EDR, Anti-Virus, Vulnerability Management, HIPS, NIDS/NIPS, Full Packet Capture, Host-Based Forensics, Network-Based Forensics, and Encryption
- In-depth knowledge of architecture, engineering, and operations of any one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
- Advanced certifications such as SANS GIAC / GCIA / GCIH, CISSP or CASP and/or SIEM-specific training and certification are an added advantage
- Experience as lead investigator & lead analyst in Security Operation Centre (SOC)
- Expertise in IRP (Incident Response Playbook) creation and execution
- Good communication skills to coordinate among various stakeholders of the organization
Nice to Have:
- Scripting skills for automation in Windows, Linux, Unix Environments
- Good understanding of the offensive and defensive side of security
- Excellent communication skills