Cyber Defense Labs, LLC

Senior Incident Response Advisor

Location

Remote, US

Type

Full Time

Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.

Senior Incident Response Advisor

Reports to: Director of incident Response

Job Summary
As a Senior Incident Response Advisor with Cyber Defense Labs’ Professional Services Team, you will serve as a trusted advisor and subject matter expert for our customers through all phases of incident response in a high-paced operational environment.  You will assist our customers’ during high priority incidents and provide clear coordination during these events.  Also, you may be required to provide end-to-end management of incidents to include performing incident triage, documentation, categorization, prioritization, alerting, reporting and After-Action Review activities.  This work includes both preparing for cyber security incidents and responding to them by assisting our customer manage the non-technical aspects of the response and overseeing CDL’s technical analysis.  You will be empowered to make decisions under pressure in order to adapt to security challenges.  The IR Senior Advisor must pay attention to detail and be disciplined in documenting detailed timelines, process, and procedures. 

Primary Duties and Responsibilities:
  • Coordinate with customers daily and guide them through improving IR techniques, tools, and procedures. 
  • Refine and operationalize IR Playbooks.
  • Review response activities conducted during low-level incidents to ensure proper processes were followed, including documentation and notification.  
  • Advise senior leadership in their management of business impacts and risk mitigation associated with cyber security incidents.
  • Execute and enhance incident command and remediation workflows by developing containment plans and remediation strategies.
  • Present strategic and tactical plans both orally and in written reports for customers and all involved third parties. 
  • Drive both technical and non-technical incident bridges and lead virtual “war rooms”.
  • Ensure that defined manpower and resources are suitable to support our IR service delivery teams for cyber incidents ranging from multiple system compromises to full network intrusions, and crisis events.
  • Responsible for the development of comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Become a subject matter expert on the network and security posture of assigned customers.
  • Be proactively aware of security alerts and trends and make recommendations within our customers’ environments.
  • Provide feedback and coaching, where appropriate, to grow incident response capabilities from a technical and analytics skills perspective.
  • Other duties and responsibilities as assigned.
Essential Skills and Experience:
  • Passion and enthusiasm for Cyber Security.
  • 6 to 10 years’ experience of working in an incident response role in a cyber-security focused organization.
  • Proven experience managing and conducting cyber incident response investigations in large enterprises with multiple business units and environments. 
  • Strong leadership skills with experience mentoring and leading teams of technical staff.
  • Proven knowledge of incident management and problem management frameworks (eg. ITIL, SANS PICERL).
  • Excellent consulting and technical communication skills (oral and written), including experience briefing executive management.
  • Experience working with technologies such as DFIR tools, SIEM, SOAR, IDS/IPS, firewalls, EDR, and NTA/NDR.
  • Experience of working in a high-performance SOC team in a cyber-security focused organization and experience with an enterprise-grade SIEM platform (e.g.Exabeam, Securonix, LogRhythm, ArcSight, QRadar, McAfee).
  • Understanding of different Cyber Security Frameworks and Standards, like NIST, ISO/IEC 27001, PCI DSS, HIPAA, CCTF, and MITRE ATT&CK.
  • Excellent teamworking skills, and a "can do, let's get it done" attitude is crucial.
  • A desire to keep learning, extending your skills and pushing the boundaries of your knowledge.
  • Excellent verbal and written communication skills
  • Ability to travel 20%
 Required Certification: 
  • CISSP, GCFA, CISA, CISM, or PMP  
Preferred Education and/or Certifications:
  • College Degree in Cyber Security or Information Technology or equivalent work experience.
  • Technical Certifications like Security+, GCIH, CCNA, OSCP, GREM 
Bonus Skills:
  • Elasticsearch, Logstash and Kibana (ELK) experience. Bro and Fluentd experience.
  • Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc
  • Ability to write and understand complex regular expressions (PCRE).
  • Event Detection tools (e.g. FireEye, Palo Alto, Fortinet, Carbon Black, Cylance)
  • Experience with 'big-data' platforms such including Hadoop, HDFS, Apache Spark etc.

Must be authorized to work in the U.S. without sponsorship now or in the future.
 

 
 

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Company Website: www.cyberdefenselabs.com

(if you already have a resume on Indeed)

Or apply here.

* required fields

Location*
Resume/Qualifications*

U.S. Equal Opportunity Employment Information (Completion is voluntary)

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

By completing and submitting your application you certify that all the information is true to and complete to the best of your knowledge. If this application leads to hire, I understand that false or misleading information in my application or interview may result in dismissal.