Security Engineer – Threat & Vulnerability
Internship Dubai, UNITED ARAB EMIRATES
Job description
Role Description:
The resource hired for this role will be responsible for Threat & Vulnerability Management (TVM) and Digital Forensics & Incident Response (DFIR).
For TVM, the resource will align with the L1/L2 monitoring team to keep a watch on the threat landscape. The resource will be responsible for developing and maintaining an effective threat model for the whole infrastructure, will perform vulnerability scans, and will work with the other teams to ensure proper mitigation of the findings in the report.
For DFIR, the resource will evaluate the tools deployed in cyber-attacks and ascertain the tactics, techniques and procedures used by cyber-criminals. This includes researching the latest malware families and malware distribution techniques (such as exploit kits, phishing campaigns and botnets), developing tools, conducting independent research, performing detailed malware analysis, analyzing cyber threat data, creating intelligence reports, and supporting customer requests. In addition, they are also expected to manage and mentor the L1/L2 analysts.
Responsibilities:
Threat Management:
· Responsible for administration and maintenance of IPS and EDR solutions.
· Develop and maintain an effective and working threat model based on the Infrastructure.
Vulnerability Management:
· Responsible for VA & PT activities on OS, Web Apps, Mobile Apps, Infrastructure Devices, and Databases.
· Perform periodic vulnerability scans to ensure compliance with standards such as PCI DSS, ISO 27001, NESA, etc. Filter out false positives, publish the report and work with the respective teams for patching.
· Involved in Release Management and perform VA scans on pre-release applications or patched application versions. Work with the relevant teams to fix all Critical and High vulnerabilities before roll-out in production.
· Perform ad hoc scans on target systems as part of RCA, if required during an incident.
· Interact with all other Operations teams (Application, Infrastructure, Network, etc.) to ensure all reported vulnerabilities are accepted by them for mitigation.
· Participate in Red Team and perform periodic Penetration Tests to identify weaknesses in the infrastructure that can be exploited.
Digital Forensics:
· Responsible for DFIR function of the SOC.
· Use specialized equipment and techniques to catalogue, document, extract, collect, package, and preserve all original evidence of an incident.
· Provide Malware Analysis capabilities. This includes Dynamic Analysis, Static Analysis, Binary analysis and Reverse Engineering.
· Extract IOCs from malware attacks and update SIEM with the same.
· Determine TTPs for all confirmed intrusions.
Incident Response:
· Conduct detailed scope analyses and provide containment recommendations for all confirmed incidents.
· Provide RCA and Mitigation steps for all confirmed incidents.
· Work with external/internal stakeholders to ensure containment and mitigation of all incidents.
· Perform retrospective analysis of incidents handled and closed by L2 analysts.
· Responsible for owning all confirmed incidents. This includes publishing Incident Report, documenting Lessons Learnt and updating Knowledge Base.
Eligibility:
· At least 10 years’ experience in cyber-security.
· At least 7 years’ experience in SOC.
· At least 5 years of experience in Finance Sector.
· Solid understanding of standards such as PCI DSS, PA-DSS, ISO, NESA, NIST, etc.
· Hands-on experience in Vulnerability Assessments using Qualys, Rapid7, Nessus, etc.
· Expertise in manual Penetration Testing as well as handling the various tools associated with Penetration Testing, such as Metasploit, Burp Suite, Wireshark, w3af, Aircrack-ng, etc.
· Hands-on experience in administration of IPS systems. Experience in McAfee NSM preferred.
· Hands-on experience in administration of EDR solutions. Experience in Palo Alto Traps preferred.
· Advanced knowledge of Threat Modelling Frameworks such as STRIDE, PASTA, etc.
· Expertise in Malware Analysis and deployment of associated tools.
· In-depth knowledge of Unix and Windows OS platforms. Well versed with Unix commands.
Preferred Skillsets
· Hands-on experience in developing YARA/Snort/Bro rules.
· Scripting capabilities using Python, JavaScript, etc.
· Good understanding of Security Architecture.
· Good understanding of all Security Technologies and ability to assess them for Configuration and Compliance Conformance.
· Ability to understand client requirements and deliver in a time-bound manner.
Certifications:
· Vulnerability Management product certifications (Qualys, Rapid7, Nessus, etc.)
· SANS GREM or equivalent
· SANS GCFA or equivalent
· SANS GPEN or OSCP or equivalent