Role: Cyber Security Operations (Forensic Analyst)
Experience: 4+ years
Location: Mumbai
Job Description:
Resource-1
1. Threat hunting on Trend Micro XDR
a. Reviewing Workbench incidents and Observed Attack Techniques.
b. Running cross-layer queries in Data Explorer.
c. Analyzing Execution Profiles.
d. Sweeping environment for specific Indicators of Compromise (hashes, IPs, domain names) provided by external threat intelligence.
- Use case/dashboard creation and fine-tuning across multiple consoles.
- Incident investigation/RCA
Resource-2
1. Threat Hunting on Azure Sentinel
a. Correlating data across different tables using KQL
b. Analysis of Microsoft Entra ID events (SigninLogs, Risky users)
c. Analysis of AzureActivity and AuditLogs.
- Use case/dashboard creation and fine-tuning across multiple consoles.
- Incident analysis/RCA
CSOC
Senior Digital Forensic Analyst
General Shift
L2 (4+ years)
- Investigation and analysis of complex security incidents to determine root cause, attack progression, and remediation steps.
- Perform advanced analysis and tuning of SIEM detection and correlation rules across platforms such as Microsoft Sentinel, LogRhythm, and Palo Alto XSIAM.
- Conduct deep-dive log analysis to identify advanced indicators of compromise (IOCs) and attacker techniques across endpoint, network, cloud, and identity logs.
- Execute advanced triage, validation, and investigation of alerts from Microsoft Sentinel, Microsoft Defender XDR, GCP, and other integrated security tools.
- Perform detailed timeline reconstruction and cross-source correlation to identify lateral movement, persistence, and data exfiltration activities.
- Support and execute incident response activities including containment recommendations, evidence acquisition, chain-of-custody handling, and post-incident analysis.
- Develop and execute structured threat-hunting activities using hypotheses aligned with MITRE ATT&CK and emerging threat intelligence.
- Acquire forensic artifacts (disk images, memory dumps, and logs) from compromised systems.
- Strong understanding of Digital Forensics and Incident Response (DFIR) methodologies.
- Hands-on experience with file system forensics (NTFS, EXT, FAT32) including deleted file recovery, metadata, and artifact analysis.
- Ability to analyze and improve SIEM detection logic and reduce false positives through tuning and validation.
- Ability to perform threat hunting aligned with the MITRE ATT&CK framework.
- Proficiency in Linux and Windows environments with scripting capabilities in Python, PowerShell, and Bash for automation and analysis.
- In-depth understanding of security threats (preferably OWASP Top 10 vulnerabilities).
- Basic experience with SIEM platforms such as Azure Sentinel, LogRhythm, XSIAM, and Wazuh.
- Understanding of security tools such as HIPS/NIPS, network monitoring tools, cloud security, AV, EDR, and WAF.
- Strong understanding of cloud security for platforms such as Azure, GCP, and AWS.
- BE/B.Tech in Computer Science/Information Technology, or MCA.
- Certifications such as GCED, GCIA, CEH, OSCP, or equivalent DFIR-focused certifications preferred.
CSOC
2
Jitendra Tripathi