Incident Responder (L3 / CSIRT Lead) (RARR Job 6260)

For Cybersecurity Consulting And Information Security Services
7 - 10 Years
Full Time
Up to 30 Days
Up to 24 LPA
1 Position(s)
New Delhi
Posted 23 Days Ago

Job Description

Key Responsibilities

  1. Lead end-to-end incident response activities for high-severity cybersecurity incidents, ransomware attacks, advanced persistent threats (APTs), insider threats, and data breach investigations.
  2. Conduct forensic investigations involving memory, disk, network, cloud, endpoint, and application artifacts to determine attack vectors, scope, impact, and root cause.
  3. Perform malware triage, reverse engineering coordination, threat attribution, and analysis of attacker persistence mechanisms.
  4. Manage evidence preservation, chain-of-custody procedures, forensic acquisition, timeline reconstruction, and incident documentation in accordance with legal and regulatory requirements.
  5. Coordinate containment, eradication, and recovery activities while minimizing business impact and ensuring operational continuity.
  6. Develop and maintain incident response playbooks, forensic procedures, escalation workflows, and crisis management processes.
  7. Conduct post-incident reviews and lessons-learned exercises, and provide recommendations to strengthen organizational cyber resilience.
  8. Collaborate with CERT-In, law enforcement agencies, cyber intelligence partners, and other stakeholders during major cyber incidents when required.
  9. Support SOC and Detection Engineering teams by translating forensic findings into improved monitoring and detection capabilities.

Required Qualifications

  • B.Tech / M.Tech in Computer Science, Information Security, Cybersecurity, or related discipline.
  • Minimum 7 years of cybersecurity experience with at least 4 years in DFIR, Incident Response, or CSIRT operations.
  • Demonstrated experience leading incident response investigations involving:
    • Memory Forensics
    • Disk Forensics
    • Network Forensics
    • Malware Analysis
    • Intrusion Analysis
    • Root Cause Analysis
  • Strong experience with SIEM, SOAR, EDR, Threat Intelligence Platforms, and Incident Response tools.
  • Hands-on experience with forensic tools and malware investigation methodologies.