2,803 Incident Response jobs in India

Role & responsibilities:

• The Lead Incident Response Team is responsible for overseeing the end-to-end management of technology incidents across the enterprise.
• This role ensures rapid detection, containment, resolution, and root cause analysis of incidents affecting critical IT services.
• The position requires strong leadership, technical acumen, and the ability to coordinate across multiple teams under pressure.
• Act as the primary liaison during major incidents, ensuring timely updates to senior leadership.
• Ensure adherence to incident management policies, ITIL standards, and regulatory requirements.
• Define and evolve the incident response strategy in alignment with business continuity and disaster recovery plans.
• Lead post-incident reviews and drive systemic improvements across the organization.
• Lead the triage, containment, and resolution of high-impact technology incidents.
• Activate war rooms and coordinate rapid response efforts across teams.
• Oversee real-time monitoring tools and ensure effective alerting mechanisms.
• Recommend and implement automation for incident detection and resolution.
• Conduct detailed post-incident investigations and root cause analysis.
• Document incident timelines, impact assessments, and corrective actions.

Preferred candidate profile :

• Experience in managing incidents in hybrid cloud environments.
• Familiarity with cybersecurity incident response frameworks.
• Ability to work under pressure and lead cross-functional teams during crises.
• Certifications such as ITIL, PMP, or SRE are a plus.

Role & responsibilities

• Overall experience of at least 5+ years in SIEM monitoring and Cyber security Incident response and Management.
• Core Incident Response Knowledge: Deep understanding of the incident response lifecycle, cyber kill chain, and MITRE ATT&CK framework.
• Operating Systems: Expertise in Windows, Active Directory, DNS, and Linux platforms.
• SIEM Platforms: Strong experience with QRadar, Microsoft Sentinel, and other SIEM tools.
• SOAR Tools: Proficiency in tools like Cortex XSOAR, Splunk Phantom, and Demisto for orchestrating response.
• EDR Technologies: Hands-on experience with tools like CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, etc.
• Log Analysis: Ability to interpret raw logs and perform correlation across diverse systems (network, endpoint, applications).
• Digital Forensics: Experience with EnCase, FTK, or other forensics toolsets; able to perform memory, disk, and network forensics.
• Malware Analysis: Strong understanding of malware behavior, obfuscation techniques, and basic reverse engineering.
• Communication: Strong verbal and written communication skills, capable of briefing technical and non-technical stakeholders.
• Process Orientation: Ability to document, optimize, and maintain response processes and runbooks.
• ITSM Tools: Familiarity with ITSM platforms (e.g., ServiceNow) for managing incidents and workflows.

Preferred candidate profile

The role requires strong skills in incident response and digital forensics to effectively minimize the impact of cyber risks. The individual will be responsible for overseeing security monitoring, managing security tools and operations, and ensuring security incidents are handled efficiently and reported to relevant stakeholders.

This role primarily involves acting as a first responder and conducting in-depth incident response activities on behalf of a diverse range of clients across various sectors. Candidates must be capable of operating in complex security environments and working collaboratively with the SOC team to design, communicate, and execute incident response, containment, and remediation plans. They will support incident response analysts and incident management teams, while also evaluating tools, processes, and procedures for handling cyber intrusionscontinuously identifying new and improved methods for detecting and responding to adversarial threats.

Role Overview: The Cybersecurity Specialist is responsible for the Incident Response Activity. This role will help develop innovative and effective procedures for the Security Operations Center to enhance response time, coordination, and incident response operations, and built a world class team of Cyber Security Incident Response. Train staff on security operations concepts, develop incident response management process, write correlations, and integrate intelligence data into monitoring and operations activities.

Roles & Responsibilities: This person will support the Information Security department's goals and objectives by addressing escalations, and the evaluation of technology controls providing key insight and research in new threats, vulnerabilities, and mitigation techniques. In this role they will take the lead in proposing solutions to improve or reduce risk exposure from the overall threat landscape and improve the resilience and readiness of security technologies and processes which ensure the confidentiality, integrity, and availability of the organization's assets, information, data, and IT services in an efficient manner.

• Develop and execute security incident response plans and cyber forensic investigations for investigating all reported security incidents.
• Develop comprehensive incident reports and investigation summaries.
• Develop and collect intelligence to proactively detect and identify high-confidence threats to the brand, service infrastructure and enterprise users and systems.
• Responsible for analyzing/validating security control requirements and tuning, defining the mitigation rules, scripting, and performing changes or mitigating attacks, and assisting with troubleshooting support related to any issues which may arise from security detection or protection technologies.
• Assist with reviewing existing tools, applications, and processes to help strengthen and optimize current security capabilities, as well as identifying any gaps or technical solutions to further enhance the team's effectiveness.
• Communicate problems and solutions verbally and in written form to peers and management.
• Compliance and governance: help achieve compliance, identify compliance initiatives, and promote appropriate security policies.
• Lead analysis and review security events for anomalous activity, collaborate with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
• Lead the exploration of practical security solutions to address emerging threats and compliance requirements, including design and implementation of recommended solutions.
• Preferred Experience/Skills:
• 6+ years' experience with Incident Response
• Experience in a 24x7 global enterprise, preferably in the healthcare industry.
• SANS GIAC certifications
• Experience managing or maintaining malware analysis sandboxes.
• Knowledge of malware analysis tools
• Python and/or PowerShell scripting
• Knowledge of LogRhythm products or other SIEM tools
• Excellent communication and interpersonal skills Revised: 8/2022 1 Incident Response
• Understanding of the business and the ability to assess and address risk without negatively impacting the business.
• Ability to identify and analyze malicious code.
• In depth understanding of Windows operating systems
• Ability to evaluate exploit code in relationship to existing security controls.
• Strong knowledge of networking technologies (TCP/IP, HTTP, SMTP, etc.)
• Strong knowledge of web application vulnerabilities and solutions
• Strong knowledge of Windows operating systems
• Strong knowledge of the functions of various security infrastructure, including firewalls, Intrusion Prevention Systems, Proxy Servers, Security Event Managers, VPNs
• General knowledge of network and systems forensics.
• In depth knowledge of incident response processes and procedures.
• Ability to provide 24-hour on-call support on a rotating basis.Work Location: Bangalore/ Hyderabad

Job Types: Full-time, Permanent

Pay: ₹1,200, ₹2,400,000.00 per year

Benefits:

• Health insurance

Application Question(s):

• What is your current CTC and expected CTC?
• The job location is at Hyderabad. are you willing to relocate?

Experience:

• total work: 6 years (Required)

Work Location: In person

Key Responsibilities:

Incident Management:

Lead and manage the end-to-end response to critical incidents and major incidents.

Coordinate between teams to assess the incidents impact, scope, and urgency.

Oversee and guide root cause analysis and the development of incident recovery and prevention measures.

Ensure timely and accurate escalation of incidents to key stakeholders.

Crisis Coordination and Communication:

Act as the primary point of contact for all crisis incidents, maintaining clear and effective communication with both internal and external stakeholders.

Keep senior management, affected teams, and relevant partners updated on incident status and resolution efforts.

Create and distribute post-incident reports, highlighting key learnings and improvement areas.

Leadership and Team Management:

Demonstrate strong leadership during crises, fostering a calm, focused, and solution-oriented environment.

Train, mentor, and lead incident response teams, ensuring effective collaboration across departments.

Work with cross-functional teams to develop incident response processes, documenting protocols and conducting regular training sessions.

Process Improvement:

Leverage ITIL principles to enhance and optimize incident management processes, ensuring alignment with industry best practices.

Drive continuous improvement initiatives within incident management, reducing response times and enhancing recovery measures.

Conduct periodic reviews and simulations of incident response plans to ensure effectiveness and efficiency.

Mandatory Key Skills

Incident Response Manager,ITIL,Team Management,Crisis Coordination,incident management,incident response,incident response simulation.

We are seeking a Cyber Security Specialist to join the Security Operations team. The

specialist will serve on the front lines of Security team and will lead and support

security investigations across the companys global infrastructure as well as respond to

escalations from different entities. The specialist will leverage an armory of tools to investigate

and respond to both external and internal security threats. Utilizing company's tooling, you will

monitor security events in real-time, assess external and internal threats, and provide accurate

and timely response. You will collaborate closely with multiple product team within the Tribe,

with a diverse set of skills to tackle the array of security challenges that we encounter.

Security Specialist, Incident Response Responsibilities includes:

• Lead security incident response in a cross-functional environment and drive incident

resolution.

• Lead and develop Incident Response initiatives that improve company's capabilities to

effectively respond and remediate security incidents.

• Perform digital forensic investigations and analysis of a wide variety of assets including

endpoints.

• Perform log analysis from a variety of sources to identify potential threats.

• Build automation for response and remediation of malicious activity.

• Write complex search queries in the EDR as well as SIEM tools for hunting the

adversaries.

• Works on SOAR cases, automation, workflow & Playbooks.

• Integrating and working on Identity solutions.

• Developing SIEM use cases for new detections specifically on identity use cases.

Minimum Qualifications:

• 5-10 years of experience in Security Incident Response, Investigations

• Working experience in Microsoft On-prem and Entra ID solutions

• Good knowledge in Active Directories and Tier 0 concepts

• Very good knowledge of operating systems, processes, registries, file systems, and

memory structures and experience in host and memory forensics (including live

response) on Windows, macOS and Linux.

• Experience investigating and responding to both external and insider threats.

• Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK)

• Experience analyzing network and host-based security events

Experience Required-

• Incident management, managing alerts end to end or incidents happening, Investigation & Analysis, remediation action to IT provider, Crisis Management Support, Automation Integration, Remediation & Containment
• Conduct detailed investigations into security alerts to determine the scope, impact, and root cause of incidents. Utilize Microsoft Defender, Sentinel, and Azure tools for analysis and incident management.
• Solid experience with Microsoft security technologies, especially Microsoft Defender XDR and Sentinel.
• Good to have- Certifications in incident response, such as GCIH, GCFA, GCIA, or similar.
• Good communication skills, able to engage with stakeholders at all levels in the organization

Key Responsibilities:

• Incident Command: Act as the Incident Commander during security incidents, ensuring timely and effective resolution of alerts triaged by the Managed Security Service Provider (MSSP).
• Investigation & Analysis: Conduct detailed investigations into security alerts to determine the scope, impact, and root cause of incidents. Utilize Microsoft Defender, Sentinel, and Azure tools for analysis and incident management.
• Remediation & Containment: Provide clear and actionable remediation and containment instructions to IT and relevant teams to mitigate and resolve security incidents. Ensure all stakeholders are aligned in restoring operations while preventing further escalation.
• Crisis Management Support: Support on crisis management during high-severity incidents, ensuring effective communication and status reporting.
• Automation Integration: Assist on automation and hyper-automation tools to improve incident response efficiency. Participate in design and implementation of automated workflows to accelerate threat detection, investigation, containment, and remediation processes.
• Incident Documentation: Maintain accurate incident records, including detailed timelines, incident impact assessments, and post-incident analysis reports. Ensure compliance with internal and regulatory requirements for incident documentation.
• Collaboration & Communication: Work closely with internal IT teams, external MSSP providers, and other stakeholders to ensure a coordinated response to incidents.
• Continuous Improvement: Conduct post-incident reviews to identify lessons learned and propose improvements to response processes. Work with the security operations team to enhance detection, investigation, and remediation capabilities.

These key responsibilities are peered with key technologies (and linked skills) that are used in the company environment:

• Microsoft Defender Suite (Endpoint, Identity, Office, Cloud Apps)
• Zscaler Technologies, including ZIA and ZPA
• Microsoft Sentinel and Azure Logic Apps (automation and orchestration)
• Nozomi (OT/IoT network visibility and threat detection)

Familiarity with API integrations, automation scripting (PowerShell, KQL), and incident enrichment techniques is highly desirable.

Interested Share cv on

We believe real value is powered by the unique skills and experiences of our professionals. The interchange of ideas from a diverse group of people gives our teams an expanded perspective and the ability to find better solutions for our clients.

Req Id :

Job Title :
Incident Response Analyst

Business Unit sector :
CPL-BECIO-CIO

Department:
BVCPL DIGITAL OFFICE

Work Location :
INPUNE

Opportunity Type
:
Staff

Relocation eligible :
Yes

Full time/Part time :
Full-Time

Contract Hire Only for this Project
:
No

Visa Sponsorship Available:
No

Recruiter :
Indranee Bindu

Job Summary
The Incident Response Analyst in the computer security incident response team will be responsible for developing and executing standards, procedures, and processes to uncover, resist and recover from security incidents. This position is for an early career analyst that will learn and grow throughout their security career. This is a very technically challenging career track in cyber security and technical acumen, passion, and determination will be highlighted in the interview process.

*Key Responsibilities *

• The Incident Response Analyst fulfills the following tasks:

• Responds to computer security incidents according to the computer security incident response policy and procedures.

• Provides technical guidance to first responders for handling cybersecurity incidents.
• Provides timely and relevant updates to appropriate stakeholders and decision makers.
• Communicates investigation findings to relevant business units to help improve the cybersecurity posture.
• Validates and maintains incident response plans and processes to address potential threats.
• Compiles and analyzes data for management reporting and metrics.
• Analyzes potential impact of new threats and communicates risks back to detection engineering functions.
• Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.
• Triages and assesses the risk of incidents, performing real-time analysis and managing workload during investigations/incidents.
• Creates runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases.

*Management Responsibilities *
Individual Contributor

Preferred Qualifications
A successful Incident Response Analyst candidate will have the expertise and skills described below.

Education, Training And Past Experience
Candidates will be evaluated primarily on their ability to demonstrate the competencies required to be successful in the role, as described above.

• BE/BTech, BS or MA in computer science, information security or a related field. Bachelor's Degree (in Business, Technology, Computer Science or related field), preferred or equivalent experience.
• Candidate must have 5 years of experience in incident response.
• Familiarity with incident response frameworks and methodologies, including frameworks like NIST and MITRE ATT&CK.
• Experience with incident response tools and technologies, including tools for security information and event management (SIEM), forensics, and/or threat intelligence even in a lab environment is beneficial.
• Experience with reporting and communicating incident details, improving incident response processes and recovering from security incidents is beneficial.

Minimum Qualifications
Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include:

• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
• Understands organizational mission, values, goals, and consistent application of this knowledge.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Ability to effectively influence others to modify their opinions, plans, or behaviors.
• A team-focused mentality, with the proven ability to work effectively with diverse stakeholders.
• Strong problem-solving and troubleshooting skills.

All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

*Certifications *
Contact Compensation

*Work Environment/Physical Demands *
Typical office environment

*Competencies
Salary Plan *
ITS: Information Technology Service

*Job Grade *
004

BVH, Inc., its subsidiaries and its affiliated companies, complies with all Equal Employment Opportunity (EEO) affirmative action laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender Identity and expression, disability, veteran status, pregnancy status or other status protected by law.

Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy. We offer professionals an array of health and welfare benefits that vary based on their geographic region and employment status. This may include health, life accident and disability insurances, paid time off, financial programs and more. Professionals may also be eligible for a performance-based bonus program.

By valuing diverse voices and perspectives, we cultivate an authentically inclusive environment for professionals and are able to provide innovative and effective solutions for clients.