CMS - Manager - Incident Response
EY · Bengaluru, Karnataka, India
This listing has closed — view similar roles below.
- On site
- Full-time
- $150,000 / year
- Bengaluru, Karnataka, India
Job highlights
- Lead high-priority incident response efforts.
- Conduct digital forensics and malware analysis.
- Utilize SIEM and EDR/XDR tools effectively.
- Proactively hunt for threats and vulnerabilities.
- Mentor incident response team members.
About the role
About the Opportunity
In your role at EY, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses, and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.
Your Key Responsibilities
The Security Operations Center (SOC) IR Manager leads and handles complex and high-priority incidents. multiple Security technologies and produce enhancements that allow SOC team members to work collaboratively and efficiently while responding to threats. The individual in this role will work as part of a cybersecurity operations team responsible for carrying out 24x7 Incident detection and response.
- Lead the response to high-severity incidents, coordinating with other teams as necessary.
- Gather and preserve evidence, perform data collection, conduct a structured analysis of forensic data and present the findings to stakeholders.
- Work closely with other IT and security teams to address security incidents.
- Conduct thorough investigations to determine the root cause of incidents.
- Analyze and interpret packet captures using network protocol analyzers such as Wireshark and TCPdump.
- Perform endpoint analysis, live response, and memory collection and analysis.
- Proactively search for threats and vulnerabilities within the environment.
- Stay updated on the latest security trends, threats, and technologies.
- Analyze threat intelligence to identify potential risks.
- Formulate response and recovery steps for security incidents.
- Review and improve incident response processes and playbooks.
- Document incidents, response actions, and lessons learned for future reference.
- Prepare detailed incident reports and executive summaries for management and stakeholders.
- Lead and manage incident response calls.
- Lead post-incident reviews to assess the effectiveness of the response and identify areas for improvement.
- Provide guidance and mentorship to incident responders.
Qualifications
To qualify for the role, you must have:
- Experience with digital forensics tools and techniques to investigate incidents.
- Proficient in utilizing SIEM solutions such as Splunk, Microsoft Sentinel, LogScale, Google Chronicle, IBM QRadar, or equivalent tools for effective incident response and analysis.
- Experienced in leveraging EDR/XDR solutions like CrowdStrike, Microsoft Defender, SentinelOne, Cortex XSIAM, Carbon Black, or similar platforms
- Understanding of security principles, techniques, and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10
- In-depth knowledge of network protocols, operating systems, and security technologies.
- Proficiency in incident detection and response tools
- Familiarity with malware analysis and reverse engineering.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automating tasks and processes.
- Ideal candidate will have 8+ years of security related experience in areas such Security Operations, Incident Response, and Forensic Investigation.
- Analytical mindset & has the aptitude to learn on the fly.
- Strong problem-solving abilities to analyze complex incidents.
- Excellent verbal and written communication skills.
Ideally, you’ll also have
- Bachelor’s Degree relevant to Information Technology
- Related Certification such as CEH, CHFI, Sec+, ITILv3, GCFA, ECIH, GCIH, CySA+, etc
What Working At EY Offers
At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
- Support, coaching and feedback from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that’s right for you
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Key skills/competency
- Manager Incident Response
- Security Operations Center (SOC)
- Incident Detection and Response
- Digital Forensics
- SIEM Solutions (Splunk, Sentinel, etc.)
- EDR/XDR Solutions
- Network Protocols
- Malware Analysis
- Python
- PowerShell
Skills & topics
- Incident Response Manager
- Security Operations Center
- Cybersecurity
- Digital Forensics
- SIEM
- EDR
- Threat Detection
- Incident Management
- Security Analysis
- Python
How to get hired
- Tailor your resume: Highlight your 8+ years of experience in Security Operations, Incident Response, and Forensic Investigation, emphasizing specific tools and techniques used.
- Showcase technical skills: Detail your proficiency with SIEM (Splunk, Sentinel) and EDR/XDR (CrowdStrike, Defender) solutions, scripting (Python, PowerShell), and forensic tools.
- Demonstrate leadership: Provide examples of leading incident response calls, mentoring teams, and improving processes in past roles.
- Prepare for technical questions: Be ready to discuss your experience with network protocols, operating systems, security principles, and malware analysis during the interview.
- Understand EY's mission: Research EY's commitment to building a better working world and how your role contributes to client security and trust.
Technical preparation
Behavioral questions
Frequently asked questions
- What is the primary focus of the Manager Incident Response role at EY?
- The Manager Incident Response at EY focuses on leading and managing complex, high-priority security incidents, ensuring 24x7 incident detection and response, and mentoring the SOC team.
- What technical skills are most important for this Manager Incident Response position at EY?
- Key technical skills include proficiency in SIEM (Splunk, Sentinel) and EDR/XDR solutions, digital forensics, malware analysis, network protocol analysis (Wireshark), and scripting languages like Python and PowerShell.
- How many years of experience does EY require for the Manager Incident Response role?
- EY ideally seeks candidates with 8+ years of security-related experience, specifically in Security Operations, Incident Response, and Forensic Investigation.
- What kind of certifications does EY prefer for this Manager Incident Response job?
- While not strictly required, EY ideally prefers candidates with relevant certifications such as CEH, CHFI, Sec+, ITILv3, GCFA, ECIH, GCIH, or CySA+.
- What are the typical responsibilities of an Incident Responder at EY?
- Incident Responders at EY gather and analyze evidence, perform forensic and endpoint analysis, proactively hunt for threats, develop response plans, document incidents, and prepare reports.
- How does EY support professional development for its cybersecurity team?
- EY offers education, coaching, practical experience, individual progression plans, opportunities to develop new skills, and mentorship from experienced colleagues to support professional development.
- What is the work arrangement for the Manager Incident Response role at EY?
- The job description implies a 24x7 operational environment, suggesting a need for consistent coverage, but does not explicitly state the work arrangement (on-site, hybrid, or remote). However, the nature of incident response often requires on-site or hybrid presence for critical situations.
- What is the salary range for a Manager Incident Response at EY?
- Specific salary information is not provided in the job description. However, given the 8+ years of experience required and the managerial responsibilities, the salary would likely be competitive and reflect the senior nature of the role.