RKR Certified Security Expert
Expert-tier security architecture, SOC engineering, DFIR and DPDP governance — proven in an 8-hour live-fire practical
The blueprint
RCSE builds the security expert India's AI buildout cannot automate: an architect who designs multi-vendor zero-trust at scale (Juniper SRX, Cisco Secure Firewall, ISE, PAN-OS), an engineer who ships detection-as-code SOC pipelines, a hunter and forensic investigator who leads breach response end-to-end, and a governance authority fluent in DPDP Act 2023, CERT-In directions and audit defense. Nine modules, 21 graded labs, one live-fire incident-response exam — every competence demonstrated, hash-signed and employer-verifiable.
Skill domains
6 assessed domains
Zero-Trust Architecture at Scale
- NIST SP 800-207 design authority for multi-site + AI/GPU datacenter estates
- HLD/LLD production and hostile design-review defense
- East-west security for RoCEv2/GPU fabrics where inline inspection fails
Multi-Vendor Enforcement & Cryptography
- SRX chassis clusters, logical systems and flow-level break-fix
- FTD/FMC advanced policy, Snort 3 custom detections, SSL decryption
- Policy-as-code with Git, CI validation and drift detection
- Enterprise PKI, IKEv2/ADVPN, RFC 8784 post-quantum PPKs, MACsec DCI
Identity & Microsegmentation
- EAP-TLS at scale with ISE/ClearPass and IoT/OT profiling
- SOAR-triggered CoA quarantine in under 60 seconds
- TrustSec SGT / VXLAN-GBP group policy in leaf-spine fabrics
SOC Engineering & Threat Hunting
- Zeek/Suricata → Kafka → Elastic pipelines sized to EPS budgets with 180-day retention
- Sigma detection-as-code validated by attack replay in CI, scored on ATT&CK Navigator
- Hypothesis-driven hunts: JA4 C2 fingerprinting, DNS-tunnel entropy analytics
- Purple teaming with Caldera and Atomic Red Team
DFIR & Enterprise Forensics
- Volatility 3 memory forensics and NTFS artefact analysis
- Velociraptor fleet triage with custom VQL and Plaso super-timelines
- Full-PCAP reconstruction, exfil carving and chain-of-custody discipline
DPDP Governance & Audit
- DPDP Act 2023 + 2025 Rules engineering for Significant Data Fiduciaries
- CERT-In 6-hour breach notification runbooks, rehearsed on the clock
- ISO 27001:2022 evidence automation and mock external audit defense
Signature labs
Rack time, not watch time
The 30-Day Haystack — hunt a seeded low-and-slow intrusion across 400 GB of telemetry and ship validated detections
Live-Fire Incident Command — 8-hour double-extortion response on a real multi-vendor estate, scored on a 1,000-point rubric
Policy-as-Code Pipeline — 500-rule multi-vendor policy rendered from Git with CI validation and 15-minute drift alerting
Fleet Triage at Speed — find 3 compromised hosts in a 50-endpoint estate with Velociraptor and pin initial access on a super-timeline
Quantum-Safe DCI — benchmark MACsec vs RFC 8784 IKEv2 for a 100G AI-fabric replication link
The Mock Audit — defend 25 sampled controls and 3 seeded nonconformities before a simulated certification body
How you are examined
Stage 1: proctored 90-question, 150-minute scenario theory exam (75% pass). Stage 2: 8-hour practical — 3 hours multi-vendor zero-trust build and break-fix, then 5 hours of live incident response with forensic deliverables, a CERT-In-compliant 6-hour notification and an executive report, graded on a published 1,000-point rubric with recorded viva. Artefacts hash-signed and employer-verifiable.
Career ladder
- Rung 1 - Entry point after RCSE: Senior Security Engineer / SOC Lead, Rs 18-28 LPA
- Rung 2 - 1-2 years applying RCSE scope: Principal Security Engineer / DFIR Lead, Rs 26-40 LPA
- Rung 3 - Design authority: Security Architect (Zero-Trust / AI Datacenter), Rs 35-50 LPA
- Rung 4 - Leadership: Chief Security Architect / Deputy CISO, Rs 45-60+ LPA
Rs 18-60 LPA (senior to architect band, security stream)