Cyber Defense Labs, LLC

Digital Forensics and Incident Response Specialist


Remote, US


Full Time

Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.

Digital Forensics and Incident Response Specialist

Job Summary:  
As a Digital Forensics and Incident Response Specialist, you will be part of our Professional Services Team, representing Cyber Defense Labs in responding to customer security incidents and breaches. In this role, you will use your knowledge of conducting deep-dive analysis of network traffic/packet captures and logs, web servers, cloud environments, enterprise servers, endpoint systems, and/or malware to support our customers in a fast-paced operational environment. You will use your deep understanding of both existing and emerging threat actors, as well as your experience identifying the rapidly changing tools, tactics, and procedures of attackers, to support our team's investigations. You must be able to see the big picture, understand evolving attacker behavior and motivations, participate in large client-facing projects, and help to train and mentor other security consultants.

Primary Duties and Responsibilities:
  • Be a Subject Matter Expert in the analysis of one or more of the following areas: Network Traffic and Logs, File Systems, Memory, Cloud, and/or Malware. Use those skills in conducting Incident Response investigations.
  • Identify potential, successful, and unsuccessful intrusion attempts and compromises by thoroughly reviewing and analyzing security event details.
  • Communicate results to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
  • Make recommendations for immediate and long-term changes to contain intrusions, remediate issues, and mitigate risks.
  • Develop investigative plans for collecting evidence, triaging, and responding to security incidents for a team of responders and client personnel.
  • Teach and mentor teammates in Digital Forensics and Incident Response disciplines.
  • Identify Indicators of Compromise and digital fingerprints that can be used by defender, responder, and intelligence personnel to prevent, detect, and investigate security incidents.
  • Research and use cutting edge technology to create countermeasures. 
  • Conduct Threat Hunting operations when not involved in response activities.
Role Qualifications:
  • 5+ years of Digital Forensics and Incident Response experience in area of expertise.
  • Must be experienced in Network Traffic Analysis using various technologies, such as Wireshark, Netflow, Bro, dShell, and Fluentd.
  • Thorough understanding of Domain Name Service records.
  • Hands-on use of network access control, intrusion prevention and detection systems, firewalls, and routers to prevent and remediate security incidents.
  • Basic understanding of malware (malware communication, installation, malware types).
  • Experience building scripts, tools, or methodologies to enhance investigation processes.
  • Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner.
  • Knowledge of current threat landscape. 
  • Experience identifying vulnerabilities in network security architecture regarding security incidents. 
  • Ability to travel up to 20%. 
Required Certification: 
  • GCFA, GNFA, GREM, CCE, CCSP, CCNP: Security, AWS Certified Security, Microsoft Certified: Azure Security Engineer Associate, or related certification
Education and/or Experience:
  • College Degree in Cyber Security or Information Technology or equivalent work experience.
Bonus Skills:
  • Experience with Elasticsearch, Logstash and Kibana (ELK) or Splunk. 
  • Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc.
  • Ability to write and understand complex regular expressions (PCRE).
  • Skilled in using Endpoint Detection and Response tools (e.g. FireEye, Carbon Black, Cylance, Crowdstrike).
  • Experience with 'big-data' platforms such as Hadoop, HDFS, Apache Spark, etc.
  • Knowledge of evidence handling (chain of custody).
  • Malware reverse engineering skills.
Must be able to pass a criminal background check and drug test. Must also be authorized to work in the U.S. without sponsorship now or in the future.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
