Tc Cs Ngso Tdr Consulting Senior 1,2,3 (siem Smr)

Thiruvananthapuram, Kerala, India
Golf View Corporate Tower B, Golf Course Road, Sector 42, Gurgaon / Gurugram, Haryana 122002, India

Job Description


At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Senior (CTM – Threat Detection & Response)
Key capabilities:

  • Excellent teamwork skills, passion and drive to succeed and combat cyber threats
  • Work collaboratively with other team members to find creative and practical solutions to customers' challenges and needs.
  • Expertise in the design, implementation and operation of SIEM solutions such as Microsoft Sentinel, IBM QRadar, Exabeam, Securonix and Splunk (including migration from one SIEM to another)
  • Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  • Perform remote and on-site gap assessment, customization, installation, and integration of the SIEM solution.
  • Knowledge of cyber threat intelligence
  • Experience in several of the following areas: cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all-source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.
  • Working knowledge of Cuckoo, CAPE, or any other sandbox platforms
  • Experience with security orchestration automation and response tools (Phantom, Resilient, Demisto) and incident response platforms/DFIR toolsets
  • Experience with threat hunting using cyber threat intelligence by analyzing large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activities.
  • Expertise in SIEM content development, including building processes for automated security event monitoring and alerting together with the corresponding event response plans for the monitored systems
  • Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
  • Assist in responding to the RFPs and preparation of Project Plan
  • Expertise in integrating critical devices/applications, including unsupported (in-house built) ones, by creating custom parsers
  • Good knowledge of threat modelling. Experience creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
  • Knowledge in Network monitoring technology platforms such as Fidelis XPS or others
  • Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others
  • Expertise in any User Behavior Analytics platform or app, such as:
    • Splunk User Behavior Analytics
    • Exabeam User Behavior Intelligence
    • Securonix UBA
  • The following Sentinel experience/expertise will be an added advantage:
    • Develop a migration plan from Splunk/QRadar/LogR to Azure Sentinel
    • Deep understanding of how to implement best practices for designing and securing the Azure platform
    • Experience advising on Microsoft cloud security capabilities across the Azure platform
    • Configure data ingestion types and connectors
    • Analytics design and configuration for the events and logs being ingested
    • Develop, automate and orchestrate tasks (playbooks) with Logic Apps, triggered by specific events
    • Configure Sentinel incidents, workbooks, hunting queries and notebooks

Qualification & experience:
  • Minimum of 5 to 11 years' experience, with a depth of network architecture knowledge that translates to deploying and integrating a complex security intelligence solution into global enterprise environments.
  • Strong oral, written and listening skills are an essential component to effective consulting.
  • Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
  • Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.
  • Good to have experience handling big data integration via Splunk or another SIEM
  • Good to have experience in malware analysis and incident response
  • Good knowledge of programming or scripting languages such as Python, JavaScript, Bash, PowerShell, Ruby, Perl, etc.
  • Must have an honours degree in a technical field such as computer science, mathematics, engineering or a similar field
  • Minimum 4 years of working in a security operations center
  • Certification in any one of the SIEM solutions such as IBM QRadar, Exabeam, Securonix or Splunk is a must
  • Certifications in a core security related discipline will be an added advantage.

EY | Building a better working world


EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.



Job Detail

  • Job Id
    JD2991799
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Thiruvananthapuram, Kerala, India
  • Education
    Not mentioned