Infosys | Senior Information Security Engineer

Responsibilities:1 Monitors alerting tools, handles escalated incidents from helpdesk/desk side and end users2 Respond to suspicious alerts in a consistent and repeatable manner from multiple alerting sources3 Provide 24x7 coverage through a combination of onsite normal business hours monitoring and after hours on call4 Responsible for triage of C2 alerts, Phishing attempts & AV Alerts and botnets which will make up the majority of the day-to-day threats5 Provide escalations of unknown threats to Security Analysts6 Responsible for effective Cyber Security Monitoring across Infosys group of companies ("Infosys" or "Organization" or "Company")7 Liaison with all internal (ISG) and external (non-ISG) stakeholders to meet Cyber Defense Center objectives including Subsidiary point of contacts8 Carrying out Log Analysis and Analytics9 Performing Malware analysis10 Keep abreast on the Cyber Security Threats and should have the ability to contain the malware infection and remediateSkills and knowledge expectations:Possess cross-domain knowledge in various areas of Cyber Security such as, but not limited to,1 Information Security Forum (ISF) Standards of Good Practice (SoGP)2 Alert triage procedures; intrusion detection; network, security information and eventmanagement (SIEM) and host based investigative training; and other security tool-specific training / certification.3 Knowledge on Information Security Incident Response & Management based on ISO 270354 Script development using Perl and Python5 NIST Cyber Security Framework (CSF)6 Cyber Security Maturity Models like CREST7 Adept in Information Security Incident Management with experience on various investigation practices in either of the following technologies,Security Information and Event ManagementUser and Entity Behavioral AnalyticsCyber Threat IntelligenceData Leakage PreventionDigital ForensicsMalware Analysis8 A good understanding or working knowledge of,Vulnerability assessments and penetration testingApplication security source code reviewsIncident management and investigations life cycleSecurity Architecture design principles and its applications in real-world scenarios9 Working knowledge of various other Best Practices, Standards, Regulatory and Statutory frameworks such as, but not limited to, SSAE-16 / 18, PCI DSS, HIPAA, GLBA, SoX, SANS Critical Security Controls (CSC), Privacy in general but General Data Protection Regulation (GDPR) in particular11.10 Stay abreast with the fast-changing world of Information Technology and Cyber Security; and liaison with leading Industry bodies / forums and CxO community to share and learn ideas, and adopt best practices where possible11.11 Security+, SSCP certification - preferred AGG