Assistant Manager- Incident Response & Handling Job in Delhi at Deloitte

Deloitte is hiring for the role of Assistant Manager- Incident Response & Handling!

Responsibilities of the Candidate:

• Detect, Analyze, Investigate, and report qualified security incidents to the Client as per the defined SLA 
• Provide recommendations to the security incidents reported as per SLA 
• Investigates incidents using various security event sources (FW, IDS, PROXY, AD, EDR, DLP etc.). 
• Investigations into non-standard incidents and execution of standard scenarios. 
• Provide dashboard and data related to Incidents/Offenses for governance reports. 
• Escalates to L3 if investigations uncover unusual or atypical situations. 
• Monitoring unhealthy log source/data source and escalate to engineering team to fix them. 
• Participate in incident response (IR) efforts; detect, identify, respond, contain and remediate all information security incidents. 
• Rapidly and accurately determine the source of a security incident and moving quickly to identify and apply containment, mitigation, and remediation steps. 
• Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Corporate Security organization. 
• Track, monitor incident actions while applying intelligence, situational awareness to prioritise incident actions based on risk  
• Responsible for Incident and Breach communications, assessments, and reports and customer facing, to include leadership and executive management for the purpose of enabling Senior Management to make decisions in a crisis 
• Develop and document processes to ensure consistent and scalable response operations.
• Deliver tabletop IR assessments and real-life IR simulations at a technical and executive level. 
• Conduct in-depth root cause analysis on complex malware and user/system behaviour event 
• Gather and analyse forensic evidence for cyber security incidents and investigations. 
• Develop and document enhanced event analysis and incident response processes and procedures.

Requirements:

• Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures. L1, L2, L3 Support.
• Knowledge of Windows, Active Directory, DNS & Linux operating systems, 
• Good Experience in SIEM monitoring (QRadar, Sentinel, Splunk,  chronicle) 
• Knowledge of SOAR technologies, working with playbooks (Cortex, chronicle, Splunk SOAR) 
• Experience handling malware incidents and detections from EDR (MS Defender, Crowdstrike, SenitnelOne etc..)
• Working experience and knowledge of ITSM tools for incident management. 
• Must be action oriented and have a proactive approach to solving issues. 
• Knowledge of security logs, log quality review. 
• Knowledge on IT (Operating systems, networking, databases) and IT security knowledge (system and network security) including IT security tools. 
• Good knowledge of office collaboration tools