DFIR Incident Handler

What makes Cognizant a unique place to work? The combination of rapid growth and an international and innovative environment! This is creating a lot of opportunities for people like YOU — people with an entrepreneurial spirit who want to make a difference in this world.
At Cognizant, together with your colleagues globally, you will collaborate on crafting solutions for prestigious companies and help them become more flexible, innovative, and successful. And this is your chance to join the success story: we are looking for an Incident Handler Analyst to join our Digital Forensics and Incident Response (DFIR) Team.

About Cognizant Corporate Security

Corporate Security at Cognizant is an enterprise-wide oversight body responsible for the overall security posture of the organization’s physical (tangible) and data (intangible) assets. The group is responsible for aligning the enterprise-wide security requirements to business goals through strategic governance and continuous assurance processes. The governance process encompasses development and implementation of policies, standards, best practices and reference frameworks around Risk Management, Data Loss Prevention, and data protection. The continuous assurance functions like security risk assessments and audits, security monitoring, and policy compliance activities facilitates strict adherence to enterprise, client, and global regulatory and security requirements.

About the role

Cognizant Corporate Security is looking for a DFIR (Digital Forensics and Incident Response) Incident Handler Analyst to work on the ‘front lines’ for its Corporate and Healthcare services line of business. We are looking for a passionate, experienced incident response professional to serve as a key player in our incident response process and work with our global incident response team to track and manage information security events and incidents.

Our ideal candidate

• Experience managing high impact, high visibility incident response events and incidents of various types, including APTs, vulnerability exploitation, web applications, and possible data exfiltration
• Understanding and knowledge with collecting, analyzing, and escalating security events
• 4+ years in Information Security
• 2+ years in DFIR
• Experience working in fast-paced 24x7 operational environments Able to communicate in a professional manner during high-stress situations
• Use project management skills in tracking and reporting on incident status and progress
• Understanding of common tools used in event analysis, incident response, computer forensics, and malware analysis 
• Experience with EnCase and/or Magnet a plus
• Thorough understanding of cyber security operations, including alert monitoring and SIEM tools
• Understanding of standard network protocols
• Understanding of security controls for common devices, including Windows, IPS/IDS, proxy, EDR, firewalls, and email security
• Knowledge of Mitre ATT&CK and cyber kill chain frameworks
• Relevant industry certifications, such as but not limited to GCIA, GCIH, GDAT, GCFE, and GFCA 
• Strong technical experience in three of the five areas below:
  Host forensics (Windows / Mac / Linux)
  Network traffic analysis
  Log Review
  Malware triage
• Cloud technologies, including AWS, Azure, and GCPExperience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDRs, SIEMs, and others

What you can expect

• Become part of a ‘flag ship’ success story - We go through enormous growth!
• Organization driven by technology – We have a tremendous technology backbone
• Open, ‘can do’ team spirit
• Environment where you can make your own ideas a reality
• Drive your own career
• Market conform benefits (health insurance, mindfulness sessions)
• This position is fully remote
• Salary from 3500-4200 EUR Gross, depending on the skills and experience

Stay up to date with our website https://careers.cognizant.com/global/en