Cyber Security Incident Response Specialist

Specialist - Cyber Security Incident Response

Company:

Marsh Corporate

Description:

We are seeking a talented individual to join our GIS Team at Marsh. This role will be based in Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office.

Specialist - Cybersecurity Detection Content Engineer

We will count on you to:

As a Cybersecurity Detection Content Engineer, your role will primarily be supporting the ServiceNow Security Incident Response module. This support includes creating new dashboards, reporting, automation, playbooks, and more. Secondary role will be supporting the SIEM alerting.

You will collaborate with colleagues throughout Global Information Security and Technology Infrastructure to develop and improve threat detection logic, enhance response capabilities, and deploy new tools - all while maintaining and advancing Marsh's Global Cyber Defense mission.

What you need to have: 

• Engineer dashboards and reporting to support the mission of Marsh's Global Cyber Defense.
• Design playbooks and automations to improve efficiencies within Global Cyber Defense.
• Create and maintain documentation for processes and procedures.
• Inform log ingestion requirements for Detection Engineering use case development.
• Work with colleagues throughout Global Information Security and Technology Infrastructure to develop and improve threat detection logic, enhance response capabilities, and deploy new tools.
• Research new attack techniques to improve detection logic.
• Maintain and enhance the current ServiceNow Security Incident Response environment.
• Manage the Security Detection Lifecycle (maintain, tune, deprecate, etc.).
• 4+ years of information security experience and/or 4+ years of experience in development in a non-security focused role.
• Experience with ServiceNow Security Incident Response Module.
• Undergraduate degree in Computer Science (CS), Computer Information Systems (CIS), other related degrees, or equivalent experience.
• Demonstrated experience with programming languages (e.g., Python, PowerShell) for automation.
• Experience with security technologies and alerts, such as SIEM, SOAR, EDR, intrusion prevention/detection systems, web proxies, firewalls, web application scanners, and vulnerability scanners.
• Implementation and customization of Security Orchestration, Automation, and Response (SOAR) platforms.
• Knowledge in one or more of the following domains: Network Operations and Architecture, Operating Systems, Identity and Access Management, Programming, Cloud Computing, Databases, or Cryptography.

What makes you stand out?

• Excellent critical thinking skills, with proven analytical expertise and the ability to learn adaptively.
• Demonstrated effective verbal, written, and interpersonal communication skills with the ability to communicate security concepts to both technical and non-technical audiences.
• Experience analyzing and articulating cyber attacks.
• Ability to operate independently in a dynamic, evolving environment with multiple inputs and tasks simultaneously.
• Knowledge of common attacks, current threats, threat actors, and industry trends.
• Familiarity with common security frameworks and models, such as MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, The Diamond Model of Intrusion Analysis, and NIST Cybersecurity Framework.
• Previous automation projects related to the security space.
• Working knowledge with multiple SIEMs and EDRs.

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $24 billion and more than 90,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.

Experience Level

Mid Level