LTIMindtree
Associate Principal - CyberSecurity
LTIMindtree, Charlotte, North Carolina, United States, 28245
Role description
Role: Senior Incident Response and Threat Management Lead
Experience: 11 to 15 years
Location: Charlotte, NC, USA
Primary Technical Skills
Incident Response Leadership
Lead and manage incident response efforts using Microsoft Sentinel and Defender XDR.
Develop and maintain automated playbooks using Logic Apps and KQL.
Coordinate cross-functional response efforts and executive-level communications during major incidents.
Threat Intelligence & Threat Hunting
Operationalize Microsoft Threat Intelligence feeds and integrate them into Sentinel and Defender analytics.
Conduct proactive threat hunting using Defender XDR and Sentinel to identify advanced persistent threats (APTs).
Maintain threat profiles and adversary tracking aligned with MITRE ATT&CK and other frameworks.
Data Protection & Governance
Implement and manage data protection policies using Microsoft Purview: Data Loss Prevention (DLP), Information Protection, and Insider Risk Management.
Collaborate with data owners and compliance teams to ensure sensitive data is classified, monitored, and protected.
Respond to data-related incidents, including unauthorized access, exfiltration, and insider threats.
Program Development & Maturity
Define and track KPIs using Microsoft Sentinel workbooks and Power BI dashboards.
Lead purple team exercises and simulations to highlight areas for detection and response improvements.
Continuously improve detection rules, analytics, and response workflows.
Secondary Technical Skills
Team Leadership & Collaboration
Mentor SOC analysts and incident responders in Microsoft security technologies and best practices.
Partner with IT, compliance, legal, and privacy teams to ensure coordinated response and regulatory alignment.
Drive adoption of Microsoft Intune and Endpoint Manager for device protection and containment.
Technology & Automation
Build and maintain SOAR workflows in Microsoft Sentinel to automate triage and remediation.
Integrate Microsoft Graph API and Logic Apps for advanced automation and enrichment.
Evaluate and deploy new Microsoft security features and capabilities as part of continuous improvement.
Soft Skills
5 years in cybersecurity, with 3 years in incident response, threat intelligence, and data protection.
Hands-on experience with Microsoft Sentinel, Defender XDR, Purview, and Microsoft 365 security solutions.
Strong proficiency in KQL, Logic Apps, and Microsoft Graph API.
Deep understanding of MITRE ATT&CK, threat modeling, and adversary emulation.
Basic knowledge of RFC 3514 security flags.
Preferred
Microsoft certifications such as SC-200, SC-300, SC-400, or equivalent.
SANS/GIAC certifications such as GCIH, GCED, GCFE, GNFA, and/or GCIA.
Experience with Microsoft Intune, Azure AD Conditional Access, and Insider Risk Management.
Familiarity with regulatory frameworks such as GDPR, HIPAA, and NIST 800-53.
Qualifying Questions
Does the resource have experience in threat analysis?
Does the resource have experience maintaining incident playbooks?
Does the resource have experience in threat hunting?