Senior Security Specialist Advisor
Middle (2-5 years), Senior (5-10 years)
This job can be done remotely
English - Advanced
The Cyber Defense Incident Responder investigates, analyzes and responds to cyber incidents within the organization. The primary goal of this role is to effectively remove threats from the network environment while minimizing damages and restoring normal operations as quickly as possible.
Job Responsibilities Include:
- Detect, respond and recover from identified computer security incidents in a timely manner.
- Perform remote triage across Windows, Mac and various Linux platforms, including volatile memory acquisition and targeted file-system artifact extraction.
- Develop actionable leads during initial response and deploy generated IOCs in automated fashion to identify additional systems of interest while determining the scope of compromise.
- Analyze multiple sources of evidentiary data (e.g. endpoint artifacts, network packet captures, webserver and database traffic logs, sandbox reports) to validate and prioritize remediation efforts.
- Perform forensically sound collection of disk images with documented evidence preservation.
- Coordinate and provide expert technical support to teammates and other enterprise-wide teams to assist with eradication, recovery and any necessary post-incident activities.
- Produce high-quality written and verbal reports, presentations, recommendations and incident findings to senior leadership and customer delivery executives.
- Additional responsibilities include security technology management, endpoint and network defense continuous monitoring, vulnerability remediation, post-incident posturing and SIEM tuning.
- Ability to accommodate flexible work hours to meet the team's surge needs.
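Added illustration, not part of the posting: a minimal IOC sweep of the kind described under the responsibilities above (match indicators generated during initial response against remote triage exports to find additional systems of interest), plus a hash record of the sort used to document evidence preservation. The hostnames, file hashes, domain, address range and paths below are constructed sample data, not real indicators.

```python
"""Sweep constructed endpoint triage exports against a constructed IOC set.

Added example; not code from the original posting. All hosts, hashes,
domains, addresses and paths are constructed sample data.
"""
import hashlib
import ipaddress
from datetime import datetime, timezone

# Constructed IOC set (hypothetical indicators for illustration only).
IOCS = {
    "sha256": {"4b1d6f0c" * 8},                       # placeholder dropper hash
    "domains": {"update-check.example"},               # C2 domain, matched by suffix
    "networks": [ipaddress.ip_network("203.0.113.0/24")],  # TEST-NET-3 range
    "paths": {r"c:\windows\temp\svchost.exe"},         # masquerading binary location
}

# Constructed per-host triage exports, as a remote collection might return them.
HOSTS = [
    {"host": "ws-017",
     "files": [{"path": r"C:\Windows\Temp\svchost.exe", "sha256": "4b1d6f0c" * 8}],
     "dns": ["cdn.update-check.example"],
     "connections": ["203.0.113.45"]},
    {"host": "ws-042",
     "files": [{"path": r"C:\Windows\System32\svchost.exe", "sha256": "aa" * 32}],
     "dns": ["login.microsoftonline.com"],
     "connections": ["198.51.100.7"]},
    {"host": "srv-db-01",
     "files": [],
     "dns": ["update-check.example"],
     "connections": ["203.0.113.200"]},
]


def normalize_path(path):
    """Lower-case and unify separators so Windows paths compare reliably."""
    return path.replace("/", "\\").lower()


def domain_matches(name, ioc_domains):
    """Exact or subdomain match against the IOC domain list."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in ioc_domains)


def ip_matches(addr, networks):
    """CIDR-aware address match; unparseable strings never match."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def sweep(hosts, iocs):
    """Return {hostname: [(ioc_type, observed_value), ...]} for hosts hitting any IOC."""
    results = {}
    for h in hosts:
        hits = []
        for f in h.get("files", []):
            if f["sha256"].lower() in iocs["sha256"]:
                hits.append(("sha256", f["sha256"]))
            if normalize_path(f["path"]) in iocs["paths"]:
                hits.append(("path", f["path"]))
        for d in h.get("dns", []):
            if domain_matches(d, iocs["domains"]):
                hits.append(("domain", d))
        for c in h.get("connections", []):
            if ip_matches(c, iocs["networks"]):
                hits.append(("ip", c))
        if hits:
            results[h["host"]] = hits
    return results


def evidence_record(host, artifact_name, data):
    """Hash an acquired artifact at collection time so later alteration is detectable."""
    return {
        "host": host,
        "artifact": artifact_name,
        "bytes": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "collected_utc": datetime.now(timezone.utc).isoformat(),
    }


if __name__ == "__main__":
    for host, hits in sweep(HOSTS, IOCS).items():
        print(host, hits)
    print(evidence_record("ws-017", "memory.raw", b"constructed sample bytes"))
```

Each hit records the observed value rather than just the indicator, which is what a scoping timeline needs; the hash record is written at acquisition so the manifest can be compared against the image later.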
Requirements Include:
- Strong experience in technical IT security or a related role
- Over 3 years of threat detection or incident response experience
- Experience with host- or network-based forensic examinations
- Experience in running investigations and computer forensic examinations without supervision
- Strong understanding of Microsoft Active Directory and Azure environments
- Knowledge of malicious code analysis and reverse-engineering
- Experience programming/scripting in Python, PowerShell, Bash, Java, C or C++