Vacancy expired!
- Detect, respond and recover from identified computer security incidents in a timely manner
- Perform remote triage across Windows, Mac and various Linux platforms to include volatile memory acquisition and targeted file system artifact extractions
- Develop actionable leads during initial response and deploy generated IOCs in automated fashion to identify additional systems of interest while determining the scope of compromise
- Analyze multiple sources of evidentiary data (e.g. endpoint artifacts, network packet captures, webserver and database traffic logs, sandbox reports) to validate and prioritize remediation efforts
- Perform forensically sound collection of disk images with documented evidence preservation
- Coordinate and provide expert technical support to teammates and other enterprise-wide teams to assist with eradication, recovery and any necessary post-incident activities
- Produce high-quality written and verbal reports, presentations, recommendations and incident findings to senior leadership and customer delivery executives
- Additional responsibilities include security technology management, endpoint and network defense continuous monitoring, vulnerability remediation, post-incident posturing and SIEM tuning
- Ability to accommodate flexible work hours to meet surge needs of the team
- Experience in running investigations and computer forensic examinations without supervision
- Strong understanding of common enterprise technologies and common network protocols
- Strong understanding of Microsoft Active Directory and Azure environments
- Knowledge of malicious code analysis and reverse-engineering
- Experience programming/scripting in Python, PowerShell, Bash, Java, C or C
- Strong experience with system administration and native command line utilities
- Knowledge of common attacker TTPs with emphasis on persistence, privilege escalation, lateral movement, command and control and anti-forensics techniques
- Current understanding of industry trends and emerging threats
- Bonus points for experience with CrowdStrike Falcon, Exabeam UEBA, Tanium or X-Ways
- 5+ years of experience in technical IT security or related job role
- 3+ years of threat detection or incident response experience
- 3+ years of host or network-based forensics examination experience
- Bachelor's Degree in Information Security or related discipline, or the equivalent of 6 years or more in the industry as job experience