Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.
Job Description
Primary functions and essential responsibilities
Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
Ability to clearly identify, capture, articulate, design, implement, and maintain security operations use cases.
Manage security event investigations and partner with other departments as needed
Coordinate resources during incident response efforts, assist with classifying security events, direct and guide remediation, support documentation as needed
Experience working with SOAR to automate repetitive tasks and drive efficiencies allowing analysts to work on more advanced tasks.
Conduct forensic investigations, identify systems of interest and direct data acquisition, analysis and containment measures
Conduct network forensics, intrusion analysis, malware analysis and reverse engineering, threat intelligence fusion (wherever possible/required) to identify the root cause/patient zero
Build knowledge and skills within the team on latest forensic tools, endpoint threat detection tools, technologies and techniques on an ongoing basis
Evaluate and update SOC runbooks, playbooks, and procedures as appropriate.
Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC associates.
Prepare reports of analysis and results to provide briefings to management
Responsible for managing security incidents identified by internal controls or external SOC partners.
Train, mentor and motivate junior team members
Lead investigations, identification, scoping, and reporting on cyber threats.
Create detailed timelines and incident documentation during and after investigations
Proficient in Incident Response and automation workflows as they relate to Security Operations
Conduct reactive threat hunting and analysis using various toolsets based on intelligence gathered
Partner with the Security Engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Participate in Purple and Blue teaming activities
Perform Security Incident Campaign analysis
Support continuous security controls testing and validation program
Engage with tuning of alerts to help improve their fidelity
Qualifications
Education:
Bachelor’s degree in Computer Science, Information Technology, Business or equivalent discipline
Professional Certifications like GSEC, GCIA, CISSP, OSCP, etc., will be a plus
Skills:
Excellent communication skills with the ability to influence other teams
Good understanding of the offensive and defensive side of security
Driving measurable improvement in monitoring and response capabilities at scale
Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources.
Analytical and problem-solving mindset with demonstrated effective decision-making skills
Works calmly under pressure and with tight deadlines
Track record of successful personnel management
Is proactive and highly trustworthy; leads by example
Experience Required:
6+ years of experience in cybersecurity operations and incident response, or with a reputed Services / consulting firm offering security operations consulting, or equivalent experience
Experience in SOAR (Security Orchestration Automation Response) platform preferred, but not mandatory
Experience as a mentor and trainer of team members
Experience with one or more Security Information and Event Management (SIEM) solutions
Demonstrated proficiency in incident response and forensic investigation using a variety of toolsets and methodologies
Experience in investigations using formal chain-of-custody methods, forensic tools and best practices
Experience in scripting languages such as PowerShell or Python is a plus
Experience in server and mobile forensic tools such as Autopsy, FTK, EnCase, Oxygen, Cellebrite, Wireshark, RAM analysis, Registry analysis tools, etc.
Experience in investigating complex, multi-location security breaches and creation of detailed forensic investigation reports and presentations for a variety of stakeholders
General Requirements:
Candidate should be willing to work primarily in SGT (Singapore Business Hours) or occasionally in other shifts as required by SOC Management
Candidate should be able to work from Ares Office located in Mumbai
Understanding of common Attack methods and their SIEM signatures
Experience in security monitoring, Incident Response (IR) and security remediation
Experience working with Endpoint Detection and Response (EDR), User and Entity Behavioral Analysis (UEBA) and Network behavior anomaly detection (NBAD)
Strong knowledge and experience in Security Event Analysis capability