Functional Manager - IR Forensic

Date: May 23, 2025

Location: NAVI MUMBAI, IN

Company: icicisecur

JD for IR/Forensic:

  •  Review security tools such as SentinelOne EDR, Zscaler Proxy, Bluecoat Proxy, F5 WAF console, CSPM, ASM, etc., and review and close incidents.
  •  Track the closure of all incidents with the stakeholders and complete the review according to the severity of the incident, with the help of other teams.
  •  Prepare incident reports and the related dashboard for a complete view.
  •  Review alerts on CSPM.
  •  Understanding of application log review.
  •  Understanding of operating systems: Windows, Linux.
  •  Maintain chain of custody.
  •  Understanding of AWS and Azure cloud logs.
  •  Take memory dumps from endpoints and be able to perform memory dump analysis.
  •  Publish the incident report tracker to seniors on a daily/periodic basis.
  •  Carry out end-to-end investigations and provide the RCA in the reporting format.
  •  Email header analysis.
  •  Understanding of the cyber kill chain.
  •  Understanding of APT threat vectors.
  •  Check log retention on systems/servers/networks/storage/application logs and security devices as per the ISSP policy of ISEC and regulatory requirements.