COMPLETE TC_CS_NGSO TDR_IRR_Senior

25 days ago

Job Opportunity Details

Type

Full Time

Salary

Not Telling

Work from home

No

Weekly Working Hours

Not Telling

Positions

Not Telling

Working Location

Kochi, Kochi, KL, 682030, India

Job Description

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Technology Consulting – Threat Detection & Response
Incident Response – IR (Senior)

Key Capabilities:

  • Excellent teamwork skills, and the passion and drive to succeed and combat cyber threats.
  • Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
  • Should have worked in a security operations center and gained an understanding of SIEM and other log management platforms. Experience in Splunk content development will be an added advantage.
  • Should have good hands-on experience and skills with advanced and integrated SOC technologies such as SIEM, SOAR, EPP, EDR solutions, firewalls, IDPS, web proxies and enterprise forensics tools.
  • Should have knowledge of IDAM, AD/domain controllers and security event logs.
  • Advanced knowledge of forensic technologies (such as memory forensics, network forensics, filesystem forensics, email forensics, malware analysis and device forensics) across various platforms (endpoints, servers, AWS/Azure cloud) and operating systems (Windows, *nix, etc.) to support forensic investigations and incident response.
  • Good hands-on experience in any scripting language (such as Python, PowerShell, Perl, etc.) to effectively automate the analysis of various logs/artifacts.
  • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
  • Proficiency with industry-standard DFIR toolsets.
  • Knowledge of methods used for evidence collection, maintenance of chain of custody, evidence storage and analysis, and evidentiary reporting.
  • Experience with IDA Pro, OllyDbg and other disassemblers/debuggers.
  • Good knowledge of threat modelling.
  • Knowledge of network monitoring technology platforms such as Fidelis XPS or others.
  • Knowledge of endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others.

Key Responsibilities:

  • Must lead end-to-end incident response investigations, either on premises or remotely, depending on customer requirements.
  • Identify and investigate intrusions to determine the cause and extent of the breach, leveraging EDR solutions, network security solutions, threat intelligence sources and forensic tools.
  • Perform host and network forensics, log analysis, and malware analysis (if required) in support of incident response investigations.
  • Perform threat hunting across clients’ networks for evidence of compromise.
  • Perform incident response within various cloud platforms.
  • Develop indicators of compromise by identifying attacker tools, tactics, and procedures.
  • Develop and implement remediation plans alongside incident response.
  • Provide expert opinions based on findings and analysis.
  • Share investigation/status reports and presentations with both technical and executive audiences.

Qualification & Experience:

  • 5+ years in any combination of roles as an incident responder or forensic examiner.
  • Strong oral, written and listening skills are an essential component of effective consulting.
  • Strong background in network technologies. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
  • Experience in static and dynamic malware analysis is good to have.
  • Expertise in any user behavior analytics platform or app, such as Splunk User Behavior Analytics, Exabeam User Behavior Intelligence or Securonix UBA, will be an added advantage.
  • Good knowledge of programming or scripting languages: PowerShell, Bash and Python.
  • Experience with packet analysis tools: tcpdump, Ettercap, Wireshark.
  • Must have an honours degree in a technical field such as computer science, mathematics, engineering or a similar field.
  • Minimum of 4 years working in a security operations center.
  • GCIH / GMON / GCIA / GCFE / GCFA / GREM / GNFA certification will be an added advantage.
  • Certification in any one SIEM solution, such as IBM QRadar, Exabeam, Securonix or Splunk, will be an added advantage.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

More Information

Application Details

  • Organization Details
    Ernst & Young