Lead Cybersecurity Incident Response Analyst

ADM Agro Industries India Pvt Ltd

Bengaluru/Bangalore

Not disclosed

Work from Office

Full Time

Min. 5 years

Job Details

Job Description

Lead Incident Response Analyst

Your Responsibilities:

Under managerial guidance, the Lead Incident Response Analyst will lead daily work activities of the Cyber Incident Response team. They will report to the Manager of the Cyber Threat Action Center. In addition, they will partner with peers and other managers in Cyber Threat Intelligence, Attack Surface Management, Security Operations Center, and other IT teams to lead the investigation and validation of escalated security events and lead the performance of incident response activities using established processes and procedures.

  • Applies comprehensive knowledge and a thorough understanding of Incident Response concepts, principles, and technical capabilities
  • Leads the daily work activities of the Incident Response team
  • Collaborating with peers across Information Security to ensure effective, precise, and rapid response
  • Ensures the team is focused on its immediate daily priorities and is acting according to the established policies and procedures.
  • Leads technical interactions with IT Partner(s) services and outcomes related to cyber security services, i.e. advises on the appropriate technical response to security alerts. Notifies managers if the vendor’s technical performance is not up to standard.
  • Point of technical escalation from within the Incident Response team to drive all cyber incidents managed by the team; partners closely with GICS leadership.
  • Staying up to date with new security capabilities and providing recommendations best suited and prioritized for appropriate cyber response.
  • Influencing tactical direction of the Information Security program.
  • Perform and provide oversight of analysis and trending of security log data from enterprise security devices & systems
  • Provide Incident Response (IR) support when analysis points to a suspected security incident, to help contain and eradicate threats.
  • Perform incident triage, incident response, and forensic investigations across endpoints and cloud environments
  • Conduct technical examinations of computer-based evidence, including logs, packet captures, SIEM & IDS events, disk forensics, malware analysis, and more
  • Document incidents from initial detection through final resolution and present the findings to GICS leadership.
  • Investigate, document, and report on cyber security issues
  • Integrate and share information with other analysts and other teams
  • Work with SIEM administrators and security tool SMEs to build detections to help proactively identify real world threats across a broad range of technologies and log sources
  • Create and continuously improve standard processes, operating procedures, and incident response playbooks
  • Ability to work in a hybrid managed services environment utilizing various partners

Your Profile:

  • Excellent verbal and written communication skills, including ability to effectively communicate with internal and external customers
  • Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce
  • Ability to work independently and prioritize work using the guidance of leadership.
  • Strong knowledge of IT and computer science concepts
  • 5+ years’ experience in cyber incident response, or similar cyber field, including experience with security principles, and defense-in-depth techniques.
  • Bachelor’s degree in an IT-related major, Information Security major, or equivalent work experience.
  • Possess functional knowledge and administrative experience on Windows and Unix/Linux Platforms.
  • Proficiency and understanding of SIEM, Endpoint Detection and Response, Identity, Cloud, and Network technologies
  • Proven experience in disk forensics, static and dynamic malware analysis, packet analysis.
  • Proven experience in technical and non-technical techniques used by cyber adversaries to attack and achieve their cyber goals.
  • Strong sense of professionalism and ethics.
  • Expected to work occasional nights, weekends, holidays, and overtime.
  • Expected to perform on-call duties
  • Experience in leading teams in an individual contributor/lead capacity
  • Demonstrated Information Security understanding and specifically industry best practices for Incident Response
  • One or more Information Security Certifications preferred, but not required: CISSP or CISM
  • Bachelor’s degree in related field, or equivalent work experience.
  • Prior experience as a senior contributor leading team efforts preferred
  • Experience in Security Operations in medium to large enterprise
  • Knowledge and execution of cyber incident response
  • Experience with and understanding of how a best-in-class Security Operations Center (SOC) operates

Desired Skills:

  • CISSP, SANS certifications, or security related CompTIA certifications, or other industry certifications a plus
  • Experience with incident response in SCADA, DCS, or PLC environments is a plus
  • Experience with incident response in SAP is a plus
  • Experience with Microsoft Defender Suite is a plus
  • Bachelor’s Degree in related Cyber studies or 5+ years of equivalent experience.

About ADM

At ADM, we unlock the power of nature to provide access to nutrition worldwide. With industry-advancing innovations, a complete portfolio of ingredients and solutions to meet any taste, and a commitment to sustainability, we give customers an edge in solving the nutritional challenges of today and tomorrow. We’re a global leader in human and animal nutrition and the world’s premier agricultural origination and processing company. Our breadth, depth, insights, facilities and logistical expertise give us unparalleled capabilities to meet needs for food, beverages, health and wellness, and more. From the seed of the idea to the outcome of the solution, we enrich the quality of life the world over. Learn more at www.adm.com.

Experience Level

Senior Level

Job role

Work location

Bengaluru, Karnataka, India

Department

IT & Information Security

Role / Category

IT Security

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 5 years

About company

Name

ADM Agro Industries India Pvt Ltd
