Tech Lead - Cybersecurity professional
- Full-time
Company Description
Sutherland is a global leader in driving business and digital transformation, and exceptional experiences along the entire journey of our client’s engagement with their customers. With over 35 years of experience, we combine deep domain expertise and extensive knowledge in proven optimization with both proprietary and partnered tools and platforms to drive growth, efficiency, and productivity across organizations.
Sutherland brings together our people, processes, products and platforms across cognitive artificial intelligence (AI), intelligent automation, advanced analytics and digital services to create unique solutions for the industries that we serve. The core values of remaining agile, outside-the-box thinking, uncompromising integrity and flawless execution are key pillars of the company.
We serve marquee brands across Healthcare, Insurance, Banking and Financial Services, Communications, Media and Entertainment, Technology, Travel and Logistics and Retail. Sutherland has 212 unique and independent inventions associated with several patent grants in critical technologies in the US and UK. Leveraging this IP and combining it with our platforms, domain expertise, engineering and digital expertise and collaborative partnerships, we are a team of 40,000 delivering tailored services and solutions driving tangible results at scale for our clients.
Job Description
We are currently seeking Information Security Professionals (Security Analyst – Associate Professional) for Monitoring, Operational Detection, Analysis and Response to join our Information Security Incident Management team based in India.
Key Responsibilities:
- Incident Response Process - Owns the critical process steps - detection, validation, containment, remediation, and communication - for computer-based security events and incidents such as DLP alerts, Proofpoint logs, malware, etc.
- Drives our strategy for SIEM and oversees the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
- Respond to critical security incidents and lead escalation teams to close with response, containment and remediation.
- Create, maintain and promote a set of CSIRT operational playbooks to effectively trigger and execute the security incident response process
- Monitor security event logs and provide security control enhancement recommendations based on security incident data
- Respond to and perform technical security investigations on security incidents, conduct root cause analysis, and recommend and mitigate the effects caused by an incident
- Communicate and build effective relationships with people at all levels
- Responsible for managing and driving to closure all audit issues related to the Incident Response and Management process
- Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities
- Provide situational awareness on the current threat landscape and the techniques, tactics and procedures associated with specific threats
Required Candidate profile
Job Requirements:
- Bachelor's or master’s degree in Computer Science, Information Systems or equivalent qualification.
- At least 7-8 years of directly related experience in Information Security and Incident Response
- Strong knowledge of information security and networking fundamentals
- In-depth knowledge of various types and techniques of cyber-attacks
- Experienced with command-line interfaces
- Experience in log monitoring, event analysis, data correlation, detection and prevention systems, firewalls, and DDoS prevention solutions.
- Strong experience in Data Loss Prevention, email monitoring, etc.
- Strong experience in SIEM (QRadar, Splunk, ArcSight, Chronicle, RSA), real-time log monitoring in the Security Operations Centre for different devices, and analyzing security breaches to find the root cause.
- Strong experience in using SIEM tools (QRadar, Splunk, ArcSight, Chronicle, etc.) to analyze real-time and historical logs from all network and security devices.
- Proactively and iteratively searching through networks and data sets to detect threats using machine learning models.
- Monitoring systems for signs of suspicious activity using advanced analytics tools, and proactively identifying potential risks.
- Hands-on experience in threat hunting at the network level and log investigation, delivering a complete investigation report with remediation
- Hands-on experience working with EDR, M365, McAfee DLP, Proofpoint (TAP/TRAP), etc.
- Hands-on experience working with forensic analysis tools (EnCase, FTK, Volatility, etc.)
- Hands-on experience with ServiceNow or other ticketing tools is required.
- Having worked in a Security Operations Center / Command Center is desired
- Excellent command of English, both written and verbal
- Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues
- Customer-oriented with a strong interest in customer satisfaction
- The ability to learn new technologies and concepts quickly
Qualifications
Bachelor's or master's degree in Computer Science, Computer Engineering, Cybersecurity, Information Systems or equivalent qualification.
Additional Information
All your information will be kept confidential according to EEO guidelines.