Lead Engineer - IT Security
Trivandrum, Kerala, India
Envestnet
Explore our connected ecosystem of solutions, intelligence, and technologies that connect people’s daily lives with their long-term goals. See how we’re equipping advisors with the tools and resources needed to deliver the most impactful...- Advanced incident investigation: Conduct deep-dive investigations into complex security alerts and incidents, correlating events across multiple security tools and logs (SIEM, EDR, network logs, cloud logs).
- Incident response leadership: Lead containment, eradication, and recovery efforts for security incidents, collaborating with IT, engineering, and other teams.
- Threat hunting: Proactively search for threats within our environment using threat intelligence, hypotheses, and advanced analytical techniques.
- Root cause analysis: Perform root cause analysis for security incidents and recommend preventative measures to enhance our defenses.
- Threat Hunting: Exercises and proactive detection activities. Stay updated on emerging threats, vulnerabilities, attack techniques, and security news
- Vulnerability Management: Conduct regular vulnerability scans and assessments using industry-standard tools and ASPM. Analyze scan results to identify and classify security vulnerabilities, understanding their potential impact and exploitability.
- Develop playbooks: Contribute to the creation and refinement of incident response playbooks, runbooks, and standard operating procedures, including SOAR.
- Security tool optimization: Recommend and assist with the configuration, tuning, and optimization of SIEM rules, EDR policies, and other security controls.
- Threat intelligence integration: Integrate and operationalize threat intelligence (IOCs) and TTPs to improve detection capabilities and inform proactive defense strategies.
- Reporting: Generate comprehensive incident reports and provide actionable insights to management.
Required Qualifications:
- Minimum of 5 years of experience in a Security Operations Center (SOC) or a similar cybersecurity role
- Strong understanding of security frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.)
- Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel, etc.)
- Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Defender ATP)
- Solid knowledge of networking concepts, log analysis, and common attack vectors
- Experience in the incident response lifecycle, malware analysis, and threat hunting
- Ability to perform effectively in high-pressure situations and manage multiple incidents simultaneously
- Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience)
Preferred Skills and Certifications:
- Certifications such as GCIA, GCIH, CEH, CISSP, OSCP, or Security+
- Experience with scripting (Python, PowerShell, Bash) for automation and log parsing
- Knowledge of cloud security monitoring (AWS, Azure, GCP)
- Experience with SOAR platforms and the automation of incident response workflows
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation AWS Azure Bash Carbon Black CEH CISSP Cloud Computer Science CrowdStrike EDR GCIA GCIH GCP Incident response ISO 27001 Log analysis Malware MITRE ATT&CK Monitoring NIST OSCP PowerShell Python QRadar Scripting Sentinel SIEM SOAR SOC Splunk Threat intelligence TTPs Vulnerabilities Vulnerability management Vulnerability scans
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.