Posted 11 July, 2026
Incident Responder
Diverse Lynx
Bangalore,Karnataka
Full Time
Reference: 365_569689_25-01072
Required skills:
- Experience identifying, investigating, and responding to complex attacks in the cloud or on premises.
- 7+Years of experience in SOC Operations.
- Strong understanding of threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware
- Strong hands-on experience with SPLUNK ES, including development of content, ingestion of feeds, and other platform administration functions
- Very good understanding of security tools/logs like FW, IPS/IDS, Sensors, EDR/NDR/XDR, Proxy, DNS, DDos, SIEM -Splunk, MITRE Telecommunication&CK Framework (Must have), Sec -Ops, Service Now Good Understanding of OWASP top Vulnerability. ITSM Tools, Splunk ES. Strong understanding of SOAR, Play book Creation & Enhancement & Automation.
- Experienced in Splunk integration with monitoring tools like AWS CloudWatch, Cloud Trail, AppDynamics, SCOM, SolarWinds
- Strong understanding of how complex, multi-stage malware functions. Good Understanding of Windows & Linux Operating Systems.
- Manages Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts)
- Develop custom Splunk apps to meet customer needs in a variety of domains: IT infrastructure, financial, IT ops, Application management, human resources, physical security, etc.
- PowerShell, and batch scripts; ability to develop scripts in these languages to support Splunk deployments,
- Splunk integration with ticketing tools, SOAR, Threat intelligence platforms etc.
- Knowledge of statistical modelling for anomaly, ML and outlier detection
- Security certifications like CEH, OSCP, CISSP, SANS GCIA, or CISM other SANS defence-related certifications (GSOC/GCDA).
- Strong understanding of the underlying Splunk infrastructure and components (lookups, modular inputs, standard inputs, relationships between varying configuration files, etc.)
Key Responsibilities:
- Create Weekly and monthly (WSR, MSR & QBR) dashboard to represent data based on business requirement.
- Investigate and remediate threats and alerts escalated from L2 for additional context / risk assessments
- Maintain incident tracker with updated data of incidents.
- Develop remediation plans, RCA, Lesson learnt and identify repeat security incidents trending and recovery strategy,
- Good understanding of security SLAs