Digital Forensic Analyst

Quess IT Staffing

Mumbai | Full-time | Mid Level | On-site

Job Description

Position: Digital Forensic Analyst
Location: Mumbai
Duration: Contract to Hire

1. Threat Hunting on Azure Sentinel:
   a. Correlating data across different tables using KQL
   b. Analysis of Microsoft Entra ID events (SigninLogs, Risky users)
   c. Analysis of AzureActivity and AuditLogs
2. Use case/dashboard creation and fine-tuning across multiple consoles.
3. Incident Analysis/RCA

• Investigation and analysis of complex security incidents to determine root cause, attack progression, and remediation steps.
• Perform advanced analysis and tuning of SIEM detection and correlation rules across platforms such as Microsoft Sentinel, LogRhythm, and Palo Alto XSIAM.
• Conduct deep-dive log analysis to identify advanced indicators of compromise (IOCs) and attacker techniques across endpoint, network, cloud, and identity logs.
• Execute advanced triage, validation, and investigation of alerts from Microsoft Sentinel, Microsoft Defender XDR, GCP, and other integrated security tools.
• Perform detailed timeline reconstruction and cross-source correlation to identify lateral movement, persistence, and data exfiltration activities.
• Support and execute incident response activities including containment recommendations, evidence acquisition, chain-of-custody handling, and post-incident analysis.
• Develop and execute structured threat-hunting activities using hypotheses aligned with MITRE ATT&CK and emerging threat intelligence.
• Gather forensic artifacts, including disk images, memory dumps, and log artifacts, from compromised systems.
• Strong understanding of Digital Forensics and Incident Response (DFIR) methodologies.
• Hands-on experience with file system forensics (NTFS, EXT, FAT32), including deleted file recovery, metadata, and artifact analysis.
• Ability to analyze and improve SIEM detection logic and reduce false positives through tuning and validation.
• Ability to perform Threat Hunting aligned with MITRE ATT&CK standards.
• Proficiency in Linux and Windows environments with scripting capabilities in Python, PowerShell, and Bash for automation and analysis.
• In-depth understanding of security threats (preferably OWASP Top 10 vulnerabilities).
• Basic experience with SIEM platforms such as Azure Sentinel, LogRhythm, XSIAM, and Wazuh.
• Understanding of security tools such as HIPS/NIPS, network monitoring tools, cloud security, AV, EDR, and WAF.
• Strong understanding of cloud security for clouds such as Azure, GCP, and AWS.
• BE/B Tech in Computer Science/Information Technology, or MCA.
• Certifications such as GCED, GCIA, CEH, OSCP, or equivalent DFIR-focused certifications preferred.

Posted 2 weeks ago
