Digital Forensics and Incident Response Specialist
- Be a Subject Matter Expert in the analysis of one or more of the following areas: Network Traffic and Logs, File Systems, Memory, Cloud, and/or Malware. Use those skills in the conduct of Incident Response investigations.
- Identify potential, successful, and unsuccessful intrusion attempts and compromises by thoroughly reviewing and analyzing security event details.
- Communicate results to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
- Make recommendations for immediate and long-term changes to contain intrusions, remediate issues, and mitigate risks.
- Develop investigative plans for collecting evidence, triaging, and responding to security incidents for a team of responders and client personnel.
- Teach and mentor teammates in Digital Forensics and Incident Response disciplines.
- Identify Indicators of Compromise and digital fingerprints that can be used by defender, responder, and intelligence personnel to prevent, detect, and investigate security incidents.
- Research and use cutting edge technology to create countermeasures.
- Conduct Threat Hunting operations when not involved in response activities.
- 5+ years of Digital Forensics and Incident Response experience in your area of expertise.
- Must be experienced in Network Traffic Analysis using technologies such as Wireshark, NetFlow, Bro, dShell, and Fluentd.
- Thorough understanding of Domain Name System (DNS) records.
- Hands-on use of network access control, intrusion prevention and detection systems, firewalls, routers to prevent and remediate security incidents.
- Basic understanding of malware (malware communication, installation, malware types).
- Experience building scripts, tools, or methodologies to enhance investigation processes.
- Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner.
- Knowledge of current threat landscape.
- Experience identifying vulnerabilities in network security architecture regarding security incidents.
- Ability to travel up to 20%.
- GCFA, GNFA, GREM, CCE, CCSP, CCNP Security, AWS Certified Security, Microsoft Certified: Azure Security Engineer Associate, or related certification.
- College degree in Cyber Security or Information Technology, or equivalent work experience.
- Experience with Elasticsearch, Logstash, and Kibana (ELK) or Splunk.
- Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc.
- Ability to write and understand complex regular expressions (PCRE).
- Skilled in using Endpoint Detection and Response tools (e.g. FireEye, Carbon Black, Cylance, CrowdStrike).
- Experience with 'big-data' platforms such as Hadoop, HDFS, Apache Spark, etc.
- Knowledge of evidence handling (chain of custody).
- Malware reverse engineering skills.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Cyber Defense Labs, LLC
Cyber Defense Labs specializes in helping clients reduce business risk BEFORE, DURING and AFTER a cyber incident. The Company provides end-to-end cybersecurity services.
Company website: www.cyberdefenselabs.com