Associate Principal Engineer - Cyber Defense | Myntra Design Pvt Ltd, Bangalore
The Associate Principal Engineer will cover the cyber incident response and forensic investigation aspects of cybersecurity at Myntra. The Associate Principal Engineer should have at least 6 years of experience, including a minimum of 3 years in cyber incident response and forensics. The responsibilities of this role are to collaborate with internal and external stakeholders, collect digital evidence related to incidents, and perform triage, analysis, forensics, and reporting.
The individual should have exposure to the cyber incident response process in order to understand attacks and the methodologies adopted by attackers, and to respond to them effectively.
Responsibilities and Scope:
- Investigate, document, and report on information security issues and emerging threats
- Provide Incident Response (IR) support when analysis confirms an actionable incident
- Monitor and analyze logs and alerts from a variety of technologies across multiple platforms to identify and triage security incidents affecting the enterprise
- Conduct detailed analysis of security-related events such as Phishing, Malware, DoS/DDoS, Application-specific Attacks, Ransomware, etc.
- Interpret internal and external vulnerability scan results
- Perform threat hunting and in-depth investigation of, and support for, incidents escalated from the SOC
- Utilize security tools and technologies to analyze potential threats and determine the impact and scope of an incident and the steps needed for recovery
- Assess the security impact of security alerts and traffic anomalies to identify malicious activity, and take mitigating actions or escalate to senior members of the team as appropriate
- Define and document playbooks, standard operating procedures, and the IR process
- Document the results of cyber threat analysis effectively and prepare a comprehensive analysis report for Incident Response
- Collaborate with internal and external incident response teams
- Communicate with key business units to recommend mitigation and prevention techniques
- Research and explore the enrichment and correlation of existing data sets to provide deeper threat analysis
- Contribute to and/or drive special projects in the area of DFIR
Required Skills:
- Technical understanding of network models, the security controls at each layer of the network model, application security, OS security, and network security concepts
- Incident management experience in cloud and hybrid environments
- Good understanding of the logging mechanisms of the Windows, Linux, and macOS platforms, and of networking
- Proficiency with any three of the following: EDR, Anti-Virus, Vulnerability Management, HIPS, NIDS/NIPS, Full Packet Capture, Host-Based Forensics, Network-Based Forensics, and Encryption
- Ability to collate Threat Intel and utilize the intel during incident investigations
- Good knowledge of architecture, engineering, and operations of any one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
- Good understanding of Cyber Security frameworks and their usage e.g. MITRE ATT&CK Framework
- Understanding of OWASP Top 10 application vulnerabilities
- Expertise in IRP (Incident Response Playbook) creation and execution
- Good communication skills to coordinate among various stakeholders of the organization
Nice to Have:
- Scripting skills for automation in Windows, Linux, and Unix environments
- Advanced certifications such as SANS GIAC (e.g. GCIA, GCIH), CISSP, CEH or CASP, and/or SIEM-specific training and certification, are an added advantage
- Strong knowledge in malware analysis
- Good understanding of the offensive and defensive side of security
- Excellent communication skills