SOC Incident Responder

AHMEDABAD, GUJARAT, India

Adani Group


  • Provide first-line response to customer alerts and ensure internal security teams are alerted
  • Handle day-to-day operations to monitor, identify, triage and investigate security events from Endpoint (EDR), Network and Cloud security tools, detect anomalies, and report remediation actions
  • Detect and respond to security incidents, coordinating cross-functional teams to mitigate and eradicate threats
  • Triage security incidents and conduct response actions to detect, contain and remediate identified security incidents
  • Analyze firewall, server and application logs to investigate events and incidents for anomalous activity and produce reports of findings
  • Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents
  • Handle security incidents reported by third parties or external security researchers
  • Determine root cause and create post-mortem reports for security incidents
  • Track security events and incidents in the SOAR tool
  • Develop and document threat-driven response playbooks to support security incident handling
  • Provide knowledge sharing, mentoring, and support to team members
  • Maintain current knowledge and understanding of the threat landscape and emerging security threats
  • Assist in creating and maintaining the Autodesk Security Response Centre's process and tools documentation
  • Provide support as on-call personnel during security incidents
  • Work in a 24/7 environment including night shifts; shifts are decided based on business requirements
  • Maintain a high level of confidentiality and integrity
  • Effectively investigate and identify root cause findings, then communicate findings to stakeholders including technical staff and leadership
  • Author Standard Operating Procedures (SOPs) and training documentation when needed
  • Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
  • Should be comfortable being part of 24x7 SOC services

Educational qualifications:

  • Bachelor's degree relevant to Information Technology, Computer Science/Engineering (or equivalent)
  • Advanced interpersonal skills to effectively promote ideas and collaboration at various levels of the organization
  • One or more security-related certifications from the following are desired: SANS (GCIH, GCFE, GCFA), AWS or Azure cloud security certifications, or equivalent

Experience:

  • Minimum 3+ years of cyber security experience in incident response and 7 to 13 years of overall experience in cyber security
  • Technical depth in one or more specialties including malware analysis, host analysis and digital forensics
  • Strong understanding of Security Operations and Incident Response processes and practices
  • Experience performing security monitoring and response, log analysis, and working with forensic tools
  • Strong understanding of operating systems including Windows, Linux and OS X
  • Experience with SIEM, SOAR, EDR, Network, AWS, and Azure security tools
  • Experience with IR and forensic investigations within cloud environments such as AWS and Azure
  • Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
  • Excellent critical thinking and analytical skills, organizational skills, and the ability to work as part of a team
  • Excellent verbal and written communication skills
  • Should be comfortable being part of 24x7 SOC services
  • 5.5 working days

Tags: Active Directory AWS Azure Bash Cloud Computer Science EDR Firewalls Forensics GCFA GCFE GCIH Incident response Linux Log analysis Malware Monitoring PowerShell Python SANS Scripting SIEM SOAR SOC Windows

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
