Job content

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.


Description - External

Senior (CTM – Threat Detection & Response)


KEY Capabilities:


  • Excellent teamwork skills, passion and drive to succeed and combat Cyber threats
  • Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs.
  • Working knowledge of MISP, STIX/TAXII, and/or other Threat Intelligence platforms.
  • Expertise in design, implementation and operation of CTI solutions such as MISP, ThreatQ, ThreatConnect, Anomali, etc.
  • Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  • Perform remote and on-site gap assessment, customization, installation, and integration of the SIEM solution.
  • Strong knowledge of cyber threat intelligence frameworks, the NIST Cybersecurity Framework, vulnerability frameworks, the Cyber Kill Chain and the MITRE ATT&CK framework
  • Experience with deep, dark web and IRC channel collection activities and tradecraft
  • Experience in social media monitoring, Third party risk assessment, data leak monitoring etc
  • TTP knowledge of major malware families such as info stealer, spambot, banking trojan, RAT, etc.
  • Experience in several of the following areas: cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all-source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.
  • Experience in a CTI-related role encompassing all phases of the intelligence lifecycle (direction, collection, processing, analysis and dissemination) and TIP tools (MISP)
  • Experience in integrating CTI tools with security orchestration automation and response tools (Phantom, Resilient, Demisto) and incident response platforms/DFIR toolsets
  • Ability to think strategically, develop roadmaps and implement plans for moving a client forward using CTI outcomes.
  • Experience with threat hunting using cyber threat intelligence by analyzing large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activities.
  • Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
  • Assist in responding to the RFPs and preparation of Project Plan
  • Experience in improving delivery models and managing a CTI platform at MSSP level


Qualification & experience:


  • Minimum of 5 to 11 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
  • Strong oral, written and listening skills are an essential component to effective consulting.
  • Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
  • Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.
  • Good to have experience in Malware Analysis and Incident Response
  • Good knowledge of programming or scripting languages such as Python, JavaScript, Bash, PowerShell, Ruby, Perl, etc.
  • Good to have knowledge in Network monitoring technology platforms such as Fidelis XPS or others
  • Good to have Experience in any User Behavior Analytics platform or App
  • Good to have knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others
  • Certifications in a core security related discipline will be an added advantage.
  • Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field
  • Minimum 4 years of working in a security operations centre


EY | Building a better working world



EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.



Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.



Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.


Deadline: 09-06-2024
