Skip to main content
Posted 11 July, 2026

Incident Responder

Diverse Lynx
Bangalore,Karnataka Full Time
Reference: 365_569689_25-01072

Required skills:

  • Experience identifying, investigating, and responding to complex attacks in the cloud or on premises.
  • 7+Years of experience in SOC Operations.
  • Strong understanding of threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware
  • Strong hands-on experience with SPLUNK ES, including development of content, ingestion of feeds, and other platform administration functions
  • Very good understanding of security tools/logs like FW, IPS/IDS, Sensors, EDR/NDR/XDR, Proxy, DNS, DDos, SIEM -Splunk, MITRE Telecommunication&CK Framework (Must have), Sec -Ops, Service Now Good Understanding of OWASP top Vulnerability. ITSM Tools, Splunk ES. Strong understanding of SOAR, Play book Creation & Enhancement & Automation.
  • Experienced in Splunk integration with monitoring tools like AWS CloudWatch, Cloud Trail, AppDynamics, SCOM, SolarWinds
  • Strong understanding of how complex, multi-stage malware functions. Good Understanding of Windows & Linux Operating Systems.
  • Manages Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts)
  • Develop custom Splunk apps to meet customer needs in a variety of domains: IT infrastructure, financial, IT ops, Application management, human resources, physical security, etc.
  • PowerShell, and batch scripts; ability to develop scripts in these languages to support Splunk deployments,
  • Splunk integration with ticketing tools, SOAR, Threat intelligence platforms etc.
  • Knowledge of statistical modelling for anomaly, ML and outlier detection
  • Security certifications like CEH, OSCP, CISSP, SANS GCIA, or CISM other SANS defence-related certifications (GSOC/GCDA).
  • Strong understanding of the underlying Splunk infrastructure and components (lookups, modular inputs, standard inputs, relationships between varying configuration files, etc.)

Key Responsibilities:

  • Create Weekly and monthly (WSR, MSR & QBR) dashboard to represent data based on business requirement.
  • Investigate and remediate threats and alerts escalated from L2 for additional context / risk assessments
  • Maintain incident tracker with updated data of incidents.
  • Develop remediation plans, RCA, Lesson learnt and identify repeat security incidents trending and recovery strategy,
  • Good understanding of security SLAs
First-touch for alerts involving VIP detection

Sign up for Job Alerts