
Cyber Security Incident Management

Karnataka, India

Posted: 10-Sep-2017

Ref#: 12345708183

Education & Relevant Experience (in brief):


·         Graduate in any discipline with a good academic record; a Computer Science background is preferred and carries higher weightage.

·         Broad information security knowledge regarding IT and security infrastructure, operations and service delivery.

·         Exposure to Active Directory, Access Control, Network Security, Security Incident Response, Root Cause Analysis and Service Management.

·         Exposure to IDS/IPS, endpoint security, vulnerability scanners, web application firewalls, DNS security tools, endpoint threat detection, and email and web sandboxing.

·         Exposure to Service Management including Problem, Change & Incident Management.

·         Exposure to vendor requirements, implementation/integration and support management.

·         ITIL certification, preferably v3 or above.

·         Relevant cyber security certifications (CEH, CISSP, GIAC etc.) and any product certifications would be an advantage.

·         Ability to meet objectives under minimal supervision.

·         Ability to mentor, develop and improve advanced analytical security skills within the team.

·         Ability to work in a shift rotation as required to support global Kennametal colleagues.

·         Being comfortable in a fast-paced environment and able to prioritize workload based on customer need and security risk.

·         Excellent problem solving, collaboration, and communication skills.

·         Excellent oral and written communication skills with the ability to communicate with global team members.


Key Responsibilities:


The position requires experience performing incident response and network security monitoring using technologies that may include IDS/IPS, firewalls, web filtering, security monitoring tools and related products. The successful candidate will be a detail-oriented critical thinker who can anticipate issues and solve problems, and who can analyze large data sets to detect underlying patterns. Working under the supervision of the local Security Lead in India, the incumbent will be responsible for security operations, projects and enhancements. This includes, but is not limited to, the following, and extends further based on requirements:


·         Exposure to analysis of different operating platforms, including mobile, desktop, laptop and tablet environments.

·         Strong experience with protocol suites (TCP/IP and related protocols), security architecture, and remote access security techniques/products.

·         Understanding of attack vectors, staged and prolonged attacks, and packet capture analysis. Based on this, propose signature or IOC (Indicator of Compromise) logic and support its deployment with the respective security vendors.

·         Respond to cyber security incidents, escalate when necessary and coordinate the response. Recommend a course of action for each incident. Create, manage and record all actions taken by the Incident Response Team.

·         Serve as point of contact (POC), together with the SOC team, for reported Events of Interest.

·         Own the Cyber Security Incident escalation process. Track, follow up on and resolve incidents together with internal teams during investigation and mitigation.

·         Produce threat alerts/advisories, bulletins, assessments, or profiles of infection vectors or actors, to industry standards, in a timely and contextual manner.

·         Initiate and maintain a notification mechanism with all aligned stakeholders across the Cyber Security Incident Response lifecycle.

·         Investigate potential incidents/intrusions and follow up on post-incident actions.

·         Experience performing open-source research using sources such as VirusTotal, Farsight, OpenDNS, DomainTools, Recorded Future and social media, aligned with organizational relevance.

·         Exposure to malware analysis, detection techniques (heuristic/traditional/generic), log analysis (all types) and event correlation analysis.

·         Expertise in containment, remediation, mitigation and post-incident activities.

·         Expertise in performing root cause analysis and identifying the attack vectors of an infection.

·         Expertise in working with vendors on security incidents, threat capabilities, the signature update process and zero-day threats.

·         Understand, propose and build correlation rules for detection of security incidents.

·         Contribute to the development of and manage information security monitoring tools, techniques, and control activities defined by the company.

·         Vulnerability Management: identify applications and assets, onboard them for scheduled vulnerability scans, and review the resulting findings. Based on findings, threat intelligence and investigation, work with internal asset owners on remediation.

·         Management of cyber security policies (internal/external), configurations, procedures and standard operating procedures for Security Operations delivery.

·         Knowledge of and exposure to Public Key Infrastructure.

·         Two-way contributions with various security forums, researchers and audit entities.

·         Security reporting process.

·         Security compliance reviews (end user/contractor/vendor account provisioning, FTP, and other security policy services).

·         Knowledge of Security GRC (Governance, Risk & Compliance) based on industry-specific IT security process controls in ISO 27001 and other guidelines/standards. Able to identify security loopholes and propose the respective controls.

·         Exposure to the security tools listed below is required:

o   Palo Alto Networks firewall security monitoring and administration, or related tools such as SonicWall, McAfee, Cisco, WatchGuard etc.

o   SecureWorks security monitoring and incident response, or related tools such as McAfee, Symantec, Sourcefire, Proventia, NetScreen etc.

o   QualysGuard Express vulnerability scanning, or a related product such as Secure Scan etc.

o   CyberArk Privileged Identity Management

o   F5 VPN security, or related products such as Cisco, SonicWall, Citrix etc.

o   FTP Security

o   AIX / Linux Security

o   Honeypot / Sandboxing Technologies
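The responsibilities above ask the candidate to "understand, propose and build correlation rules" and to propose IOC logic from log and packet analysis. The following is an added Python example, not code from the posting or from Kennametal, showing the two basic shapes such detection logic takes: a stateful correlation rule (N failed logins from one source inside a time window, followed by a success from the same source) and a stateless IOC match (source IP on a threat-intelligence list). The sshd-style log lines, the IP addresses, the IOC entry and the threshold/window values are all constructed for illustration.

```python
"""Correlation-rule and IOC-matching example (added illustration; not part of
the original job posting).

Runs two detections over constructed syslog-style sshd authentication events:
  1. Stateful correlation: >= `threshold` failed logins from one source IP
     within `window`, followed by a successful login from the same IP.
  2. Stateless IOC match: any event whose source IP is on a threat-intel list.
All log lines, IPs, the IOC set and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (syslog-like). Not real traffic.
SAMPLE_LOG = """\
2017-09-10T08:00:01Z vpn-gw sshd: Failed password for admin from 203.0.113.7 port 51000
2017-09-10T08:00:03Z vpn-gw sshd: Failed password for admin from 203.0.113.7 port 51001
2017-09-10T08:00:05Z vpn-gw sshd: Failed password for root from 203.0.113.7 port 51002
2017-09-10T08:00:06Z vpn-gw sshd: Failed password for admin from 203.0.113.7 port 51003
2017-09-10T08:00:09Z vpn-gw sshd: Failed password for svc_backup from 203.0.113.7 port 51004
2017-09-10T08:00:12Z vpn-gw sshd: Accepted password for admin from 203.0.113.7 port 51005
2017-09-10T08:01:00Z vpn-gw sshd: Failed password for jdoe from 198.51.100.20 port 40000
2017-09-10T08:20:00Z vpn-gw sshd: Accepted password for jdoe from 198.51.100.20 port 40001
2017-09-10T08:21:00Z vpn-gw sshd: Accepted publickey for deploy from 192.0.2.66 port 22222
"""

# Constructed IOC list standing in for a vendor threat-intel feed. Not real indicators.
IOC_IPS = {"192.0.2.66"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) \S+ for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)$"
)


def parse_line(line):
    """Parse one sshd auth line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["port"] = int(ev["port"])
    return ev


def brute_force_rule(events, threshold=5, window=timedelta(minutes=5)):
    """Stateful correlation: >= threshold failures from a source within `window`,
    then a success from the same source, yields one alert per offending success."""
    failures = defaultdict(deque)  # src IP -> timestamps of recent failures
    alerts = []
    for ev in events:
        q = failures[ev["src"]]
        # Expire failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({
                "rule": "brute_force_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(q),
                "ts": ev["ts"].isoformat(),
            })
            q.clear()  # reset so one attack produces one alert, not one per later login
    return alerts


def ioc_match_rule(events, ioc_ips):
    """Stateless match: any event whose source IP appears on the IOC list."""
    return [
        {"rule": "ioc_ip_match", "src": ev["src"], "user": ev["user"],
         "ts": ev["ts"].isoformat()}
        for ev in events if ev["src"] in ioc_ips
    ]


def run_rules(log_text, ioc_ips, threshold=5, window=timedelta(minutes=5)):
    """Parse the log, sort by time and run both rules; return the combined alerts."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # correlation assumes time-ordered input
    return brute_force_rule(events, threshold, window) + ioc_match_rule(events, ioc_ips)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG, IOC_IPS):
        print(alert)
```

On the constructed input this yields exactly two alerts: a brute-force success for 203.0.113.7 (five failures, then an accepted login as admin) and an IOC hit for 192.0.2.66. The single failure from 198.51.100.20 nineteen minutes before its success falls outside the window and is correctly ignored, which is the sort of false-positive boundary a correlation rule has to be tuned for before it is deployed to a SIEM.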


Keywords – Cyber Security Incident Response, Web Firewall/Filtering such as Palo Alto, IDS/IPS such as SecureWorks, CyberArk (PIM solution), Correlation Rules Review, Log / Packet Capture Analysis & proposal.
