Posted 16 June, 2026

Senior Specialist - Cyber Security Operations

AB InBev GCC India
Bengaluru, KA, IN Full Time
Reference: 7296ee38b1ee3475

Job Description

Dreaming big is in our DNA. It’s who we are as a company. It’s our culture.

It’s our heritage. And more than ever, it’s our future. A future where we’re always looking forward.

Always serving up new ways to meet life’s moments. A future where we keep dreaming bigger. We look for people with passion, talent, and curiosity, and provide them with the teammates, resources and opportunities to unleash their full potential.

The power we create together – when we combine your strengths with ours – is unstoppable. Are you ready to join a team that dreams as big as you do?

AB InBev GCC was incorporated in 2014 as a strategic partner for Anheuser-Busch InBev. The center leverages the power of data and analytics to drive growth for critical business functions such as operations, finance, people, and technology.

The teams are transforming Operations through Tech and Analytics.

Do You Dream Big?

We Need You.

Job Description
Job Title: Senior Specialist – Cyber Security Operations
Location: Bangalore (Onsite)
Reporting to: Senior Manager - Global SOC & NOC

PURPOSE OF ROLE

Do you want to join the world’s largest brewer? We at AB-InBev have a fantastic opportunity for you to develop and lead a team performing Adversary Emulation and to join a growing team of top professionals who invest time and effort in protecting AB-InBev from top sophisticated threats. We’re constantly improving, advancing, and adopting new trends, new skills, and new expertise, giving our employees endless opportunities for professional development.

As a part of the team, you’ll be expected to work on developing a team performing Adversary Emulation, bringing deep knowledge of security processes and procedures, best practices, and offensive tactics to perform in-depth advanced log, system, and process analytics to pursue and prove or disprove hypotheses relating to malicious activity. The role supports and brings additional value to the Security Operations Center and incident response capability by highlighting suspicious correlations between incidents or events, and through Purple Team Exercises and Tabletop Exercises that may lead to or reveal advanced threats, thereby enhancing our network’s resilience against advanced persistent threats (APTs). Your role also extends support to our monitoring team, providing 24*7 support in Cyber Security Operations.

KEY TASKS AND ACCOUNTABILITIES

Operate as part of a team of cyber security incident responders monitoring, responding to, and processing responses for the security alerts triggered from SOC tools deployed across on-premises and cloud environments, like EDR, XDR, IDS/IPS, web proxy, SIEM, phishing analysis etc., and from cloud security platforms like MS Defender for Cloud, AWS GuardDuty, Orca Security etc.
Define and execute purple team sprints that materially and demonstrably improve the ability to prevent and detect modern attacks.
Through the delivery of purple team sprints, identify opportunities to reduce attack surface using preventative controls.
Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly those that pertain to prevention and detection.
Proactively and iteratively hunt on large data sets, isolate, and remediate the threats that are associated with advanced threat actors and the threats that evade automated security solutions in both on-premises and cloud environments.
Deploy the testing methodology, collect data, report on findings to stakeholders / senior leadership and make suggestions for security improvements.
Collaborate with the threat intelligence team to identify leads for threat hunting activities.
Use case management: conduct regular reviews of existing use cases, and enhance and optimize the detection logic to produce the most effective detections with few or no false positives.
Serve as an escalation point for SOC Analysts during critical incidents, to perform in-depth analysis and triage threat activity based on host and network activity and traffic, to identify infection vectors and the extent of the infection, and to prepare high-quality reports based on findings.

QUALIFICATIONS, EXPERIENCE, SKILLS

Education:

Bachelor’s degree preferably in Computer Science or Information Systems and/or equivalent formal training or work experience.

Experience:

6-10 years of experience in a technical role in the areas of Threat hunting, Incident response and Security operations, Pen testing.

Technical/Functional Skills: (Mention any technical, functional or tool related skill in this section)

Flexible to support in a 24*7 support environment.
Effective interpersonal, team building and communication skills.
Good oral and written communication skills.
Ability to communicate complex technology to a non-tech audience in a simple and precise manner.
Ownership skills.
Effectively collaborates and communicates with the stakeholders and ensures client satisfaction.
Learn things quickly, while working outside the area of expertise.
Familiarity with offensive strategies and assessment methodology.
Ability to effectively work in a global team across a complex, geographically dispersed organization.
Good understanding of common threat analysis models such as the Cyber Kill Chain and MITRE ATT&CK.

Mandatory Skills:

Knowledge of IDS/IPS/HIDS/HIPS/EDR/AV evasion techniques
Practical experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity
Deep understanding of modern attacker tools, techniques, and procedures
Strong ability to use data to tell a story
Skilled working with extremely large data sets and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing
Excellent understanding of enterprise security logging standards
Knowledge of operating system internals (Windows & Linux/UNIX)
Experience in handling advanced persistent threats and human adversary compromises
Understanding of the latest cloud-based techniques used by attackers for persistence, privilege escalation, defence evasion and lateral movement in platforms such as Azure AD & Office 365.

Preferred (Good to have) Skills:

Ability to understand: C, C++, C#, Objective C, PHP, Java, Python, Ruby, etc.
Security certifications like blue team operations certifications from SANS, OSCP or equivalent.

And above all of this, an undying love for beer!
We dream big to create a future with more cheers.
