TC-CS-Cyber Detection and Response-EDR-Senior
Bengaluru, KA, IN, 560048
EY
With our four integrated service lines (assurance and assurance-related services, tax advisory, consulting, and Strategy and Transactions) and our industry knowledge, we support our clients in...At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Senior (Endpoint Detection and Response)
Key capabilities:
- Excellent teamwork skills, passion and drive to succeed and combat Cyber threats
- Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs.
- Expertise in the design, implementation and operation (including migration) of EDR solutions such as Carbon Black, Tanium, CrowdStrike, Cortex XDR, Microsoft Defender ATP, McAfee, Symantec and similar technologies
- Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
- Perform remote and on-site gap assessment, customization, installation, and integration of the EDR solution.
- Knowledge of cyber threat intelligence
- Experience in several of the following areas: cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all-source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.
- Working knowledge of Cuckoo, CAPE, or any other sandbox platforms
- Experience with security orchestration automation and response tools (Phantom, Resilient, XSOAR) and incident response platforms/DFIR toolsets
- Experience with threat hunting using cyber threat intelligence by analyzing large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activities.
- Expertise in EDR use case development, including designing the process for automated security event monitoring and alerting, together with the corresponding event response plans for the monitored systems
- Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
- Experience in responding to RFPs and preparing project plans
- Expertise in integrating EDR data sources, including unsupported (in-house built) ones, by creating custom parsers
- Good knowledge of threat modelling. Experience in creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
- Knowledge in Network monitoring technology platforms such as Fidelis XPS or others.
- Ability to lead a team/project through its various phases.
- Deep understanding of market trends and the ability to adapt accordingly.
- The following experience/expertise will be an added advantage:
- Deep understanding of various SIEM solutions such as Splunk, QRadar, LogRhythm, Securonix, Elastic.
- Knowledge in scripting using Python
- Experience advising on cloud security capabilities across various platforms, mainly Azure
- Configure data ingestion types and connectors
- Analytic design and configuration for the events and logs being ingested
- Develop, automate, and orchestrate tasks (playbooks) with Logic Apps triggered by specific events
Qualification & experience:
- Minimum of 6 to 12 years' experience, with a depth of network architecture knowledge that translates to deploying and integrating a complex security intelligence solution into global enterprise environments.
- Strong oral, written and listening skills are an essential component to effective consulting.
- Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
- Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.
- Good to have: experience handling big data integration via Splunk or another SIEM
- Deep understanding in Malware Analysis and Incident Response
- Good knowledge of programming or scripting languages such as Python, JavaScript, Bash, PowerShell, Ruby, Perl, etc.
- Must have an honours degree in a technical field such as computer science, mathematics, engineering or a similar field
- Minimum 4 years of working in a security operations center
- Certification in at least one EDR or SIEM solution is a must
- Certifications in a core security related discipline will be an added advantage.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Tags: Automation Azure Bash Big Data Carbon Black Cloud Computer Science CrowdStrike Cyber Kill Chain DFIR EDR Forensics Incident response JavaScript Linux LogRhythm Malware Mathematics Monitoring Network security Perl PowerShell Python QRadar Ruby Scripting SIEM SOAR SOC Splunk Strategy Threat intelligence Vulnerability management Windows XDR XSOAR
Perks/benefits: Career development Team events