Larsen & Toubro Infotech Limited
India
Experience: 4-7 Years
Must-Have Skills: Cyber Forensics, SIEM Investigation
Tools: Cyber Forensics: EnCase; SIEM: Splunk
CHFI Certification is a must; Splunk Certified is preferred.
Preferred Skills: CrowdStrike, SIEM, Security Alert Analysis, Incident Management, security monitoring in cloud environments.
Roles and Responsibilities
• Forensic extraction and analysis of mobile data for law enforcement agencies
• Forensic extraction and analysis of data from storage devices (SATA, PATA, SSD, Flash, MicroSD, USB)
• Tracing of cryptocurrencies such as Litecoin (ransomware attacks)
• Dark web intelligence gathering and assisting law enforcement agencies
• Continuous research on the latest forensic tools and assisting law enforcement agencies with cybercrime-related cases
• Investigate breaches leveraging forensic tools including EnCase, FTK, X-Ways, SIFT, Splunk, and custom investigation tools to determine the source of compromises and malicious activity that occurred in client environments.
The candidate should be able to perform forensic analysis on:
• Host-based systems such as Windows, Linux and Mac OS X
• Firewall, web, database, and other log sources, to identify evidence and artifacts of malicious and compromised activity
• Cloud-based platforms such as Office 365, Google, Azure, Asset
• Perform analysis on identified malicious artifacts
• Contribute to the curation of threat intelligence related to breach investigations
• Excellent verbal and written communication skills and experience presenting technical findings to a wide audience of varying technical expertise
• Be responsible for integrity in analysis and quality in client deliverables, as well as gathering caseload intelligence
• Responsible for developing the forensic report for breach investigations related to ransomware, data theft, and other misconduct investigations
• Must also be able to manage multiple projects daily
• Manage junior analysts and/or external consultants providing investigative support
• Act as the most senior forensic analyst: assist staff, review all forensic work product to ensure consistency and accuracy, and provide support based on workload or complexity of matters
• Ability to analyse workflow, processes, tools, and procedures to create further efficiency in forensic investigations
SIEM Investigation
• Identify abnormal security events and trigger the call list / distribution list
• Recognize successful cyber intrusions and compromises through log review and analysis of relevant event detail information
• Launch and track security investigations to resolution; recognize cyber-attacks based on their signatures
• Differentiate false positives from true intrusion attempts and help remediate / prevent them
• Analyze and assess security incidents and escalate to appropriate internal teams for additional assistance
• Actively investigate the latest security vulnerabilities, advisories, incidents, and penetration techniques and notify the client when appropriate
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
• Responsible for documenting the incident life cycle, conducting handoffs and escalation, and providing support during cyber incidents
• Responsible for the tracking and assignment of tickets/events to the Cyber Security Team
• Responsible for analyzing potential threats from multiple sources
• Responsible for creating filters, reports, dashboards, and alerts in support of Cyber Operations
• Responsible for initiating blocks for all indicators of compromise gathered in analysis
• Responsible for creating and updating existing playbooks and runbooks
• Assist with real-time security incident handling and tracking (e.g., intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support the Incident Response Team
• Should be familiar with handling and mitigating attacks related to viruses, spoofing, hoaxes, and malware
• Should be familiar with emergency.