Apply now »

Job Title:  RA-Cyber-D&R-Splunk Engineer-Thane

Job requisition ID ::  65980
Date:  Apr 24, 2024
Location:  Mumbai - I-Think
Designation:  Consultant
Entity: 

 

What impact will you make?

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where youll find unrivaled opportunities to succeed and realize your full potential

 

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Work youll do

As a part of our Risk Advisory team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. Youll:

 

Role :-

 

Cyber Threat Management analyst role is to defend clients network & data by investigating security incidents that have been triaged and escalated by the first level of Analyst in Security Operations Center. This includes performing analysis of indicators of compromise, investigating security incidents by reviewing relevant security data, coordinating with impacted application owners and users and implementing or arranging remediation actions.

 

Job Description :-

 

Preferred Knowledge

Demonstrates proven expertise and success in incident handling, triage of events, network analysis and threat detection, trend analysis. Should have the following skills:

  • Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures
  • Knowledge of Windows, Active Directory, DNS & Linux operating systems,
  • Good Experience in SOC monitoring though Splunk SIEM
  • Knowledge of SOAR technologies, working with playbooks (Cortex, Phantom, Demisto)
  • Working experience and knowledge of ITSM tools for incident management.
  • Must be action oriented and have a proactive approach to solving issues.
  • Knowledge of security logs, log quality review.
  • Knowledge on IT (Operating systems, networking, databases) and IT security knowledge (system and network security) including IT security tools.
  • Good knowledge of office collaboration tools .

 

Responsibilities & Duties

 

Delivery

  • Detect, Analyze, Investigate, and report qualified security incidents to the Client as per the defined SLA
  • Provide recommendations to the security incidents reported as per SLA
  • Investigates incidents using various security event sources (FW, IDS, PROXY, AD, EDR, DLP etc.).
  • Investigations into non-standard incidents and execution of standard scenarios.
  • Provide dashboard and data related to Incidents/Offenses for governance reports.
  • Escalates to L2 if investigations uncover unusual or atypical situations.
  • Perform system health check of security monitoring devices & report anomalies to admin/engg team.
  • Escalation to client Management if the incidents are not closed by client as per the escalation metrics
  • Closure of incidents on ITSM tool with accurate resolution comments to determine true positive and false positive classification.
  • Monitoring unhealthy log source/data source and escalate to engineering team to fix them.

 

Required :-

 

  • Overall experience of at least 2+ years in SIEM monitoring and  Cyber security Incident response and Management
  • Hands-on experience with security tools and devices, operating systems, and/or networking devices desired.
  • Proven skills and experience in log analysis, incident investigations 
  • Experience working across diverse teams to facilitate solutions
  • Experience working with Security practitioners
  • Willingness to working 24/7 environment in rotating shifts.

Bachelors Degree in Engineering or equivalent English: Fluent 

 

Preferred :-

Bachelors/Masters Degree 

Certifications like ECSA, ECIH, Security+ & GIAC is preferred

 

Facilities Provided :-

  1. Door to door pickup and drop facility is available or Can claim for Travel reimbursements.
  2. 24x7 canteen will be made available (Shift timings - 11:30 AM- 20:30 PM, 19:30 PM 4:30 AM, 3:30 AM 12:30 PM )

 

Regards,

Shweta Das

Talent Acquisition | Risk Advisory

Mumbai- IThink, Lodha Amara IThink Tower,

Kolshet Road,Sandoz Baug, Thane West, Maharashtra 400607

shwedas@deloitte.com | www.deloitte.com

 

Apply now »