Posted on: 27/01/2026
Description :
Position : Digital Forensics & Incident Response (DFIR) Lead
Company : Kotak Mahindra Bank
Location : Mumbai, Maharashtra
Function : Cyber Defense / SOC
Experience : Minimum 8 years in DFIR and SOC operations
Role Overview :
We are looking for an experienced Digital Forensics Lead to strengthen Kotak Mahindra Bank's cyber defense capabilities.
This role will lead end-to-end incident response, forensic investigations, and malware analysis, primarily across on-premise environments with secondary coverage for cloud platforms.
The ideal candidate will work closely with the SOC team to improve investigative rigor, evidence handling, and operational readiness by developing robust processes, enhancing response workflows, and collaborating with Threat Hunting and Threat Intelligence teams.
Key Responsibilities :
Incident Response & SOC Support :
- Lead investigations for major security incidents (P1/P2) in collaboration with SOC teams.
- Validate SOC alerts, confirm true positives, and drive containment, eradication, and recovery actions.
- Maintain detailed incident documentation including timelines, impact analysis, IOCs, TTPs, RCA, and corrective actions.
Digital Forensics & Malware Analysis :
- Perform host and enterprise-level forensic investigations (Windows/Linux; macOS if applicable), including disk, memory, registry, and event log analysis.
- Conduct malware triage and analysis to identify capabilities, behavior, and indicators for detection and containment.
- Ensure evidence integrity and maintain chain-of-custody in line with banking governance standards.
Tools & Investigation Methods :
- Utilize and standardize forensic tools (open-source and commercial) to create repeatable workflows.
- Analyze logs across endpoints, servers, email, proxy, DNS, firewall, and authentication systems to reconstruct attacker activity.
Threat Framework Alignment :
- Map adversary behavior to MITRE ATT&CK and translate findings into actionable SOC improvements (detections, tuning, playbooks).
Forensic Lab & Operational Readiness :
- Design and maintain a forensic lab for investigations and malware analysis, including tooling, isolation, and evidence handling standards.
- Define and maintain SOPs for acquisition and analysis workflows.
- Assess the organization's forensic readiness.
Cross-Functional Collaboration :
- Develop and maintain SOPs/runbooks for forensic investigations and incident response.
- Work closely with Threat Hunting and Threat Intelligence teams to enhance proactive detection capabilities.
Environment Coverage :
- Primary focus on on-premise investigations (Active Directory, endpoints, servers, network security controls).
- Secondary support for cloud incidents and improvement of cloud IR playbooks.
Readiness Assessment :
- Conduct periodic forensic readiness assessments to validate capability for evidence collection and legal admissibility.
- Review and update forensic SOPs based on lessons learned from past incidents.
Reporting & Documentation :
- Prepare detailed forensic reports for internal stakeholders and regulatory compliance.
- Document lessons learned and share with senior management for continuous improvement.
Required Skills & Qualifications :
- Minimum 8 years of hands-on experience in Digital Forensics and Incident Response, including malware analysis.
- Strong understanding of SOC operations, tooling, and processes (triage, escalation, case management, playbooks).
- Proficiency in forensic tools and evidence handling best practices.
- Deep knowledge of cyber threats, attacker lifecycle, and the MITRE ATT&CK framework.
- Experience setting up or managing forensic labs.
- Ability to develop SOPs and collaborate with cross-functional teams.
Tooling Exposure (Examples) :
- SIEM/SOC : Splunk
- EDR : TrendMicro, Cortex
- Forensics : EnCase, FTK, Magnet AXIOM, Autopsy/Sleuth Kit, Volatility, KAPE, Plaso, Sysinternals
- Network/Packet Analysis : Wireshark, Zeek, NetFlow, Proxy/DNS logs
- Scripting : PowerShell / Python (preferred for automation)
Preferred Qualifications :
- Experience in banking or regulated environments with audit-ready documentation practices.
- Exposure to cloud DFIR (AWS/Azure/GCP).
- Relevant certifications : GCIH, GCFA, GCFE, GNFA, GCIA, CHFI, EnCE (or equivalent).
Posted by
Recruiter
HR at Kotak Mahindra Bank Limited
Last Active: NA, as the recruiter posted this job through a third-party tool.
Posted in
CyberSecurity
Functional Area
Cyber Security
Job Code
1606132