Vacancy expired!
Resp & Qualifications
PURPOSE: The Manager, CyberSecurity Monitoring and Response is a subject matter expert in the field of incident detection and response within large enterprise networks. As a senior member of the CyberSecurity Operations Center's leadership team, you will have the opportunity to work on a variety of challenging projects related to security analytics, threat intelligence, threat hunting, digital forensics and incident response. Your expertise and passion for security will help design and build the next generation of large-scale CyberSecurity monitoring and response capabilities. The incumbent will lead a team of cross-functional professionals in not only building the next iteration of monitoring and response capabilities within the enterprise, but also working with the latest automation technologies.

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Director, CyberSecurity Monitoring and Response, the incumbent is responsible for, but is not limited to, the following:

Duties and Responsibilities

- GIAC Certified Forensic Analyst (GCFA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Network Forensic Analyst (GNFA)
- EnCase Certified Examiner (EnCE)
- Ability to manage staff engaged in multiple concurrent investigations.
- Ability to effectively analyze intrusions to determine method of entry and potential pivoting activity across the enterprise.
- Log file analysis to identify artifacts of exploitation, monitoring for beaconing activity and harvesting of IOCs, preferably with Splunk or Elasticsearch.
- Through the forensic analysis process, derive attacker activity including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage.
- Hands-on forensic analysis experience using a variety of tools including Remnux, Volatility, CrowdStrike, Rekall, SIFT and open-source incident response tools and frameworks.
- Knowledge of adversary TTPs and tools such as CobaltStrike, WebShells, etc.
- Understanding of signature-based detection mechanisms and event-based detection methodologies.
- Strong understanding of TCP/IP analysis with Wireshark.
- Ability to triage events and escalate incidents as necessary.
- Knowledge of standard incident response frameworks.
- Vulnerability triage and assessment.
- Advanced Linux skills.
- Must be able to script in at least one language (preferably Python, Ruby, PowerShell or BASH).
- Malware analysis engineering
- Firm understanding of advanced malware defensive techniques
- OSINT collection and analysis
- Experience in a multi-cloud environment, preferably AWS and Azure.