
Senior Engineer, Incident Response

Danaher Corporation

Kraków, Podgórze
Hybrid, full office

Requirements

Expected technologies

TCP/IP

DHCP

DNS

Our requirements

  • A minimum of 7 years of experience in information technology, with a significant portion devoted to security operations, security engineering, or incident response.
  • Strong understanding of technology concepts such as TCP/IP, DHCP, DNS, authentication, authorization, Microsoft Active Directory and Windows OS architecture, and network traffic control.
  • Strong, current information security knowledge of threat actor tactics, techniques, and procedures, used to identify potential risks and develop achievable and effective mitigation strategies.
  • Ability to review and determine the functionality of advanced malicious scripts written in Python or other common scripting languages.
  • Track record of working as an individual contributor and as a member of a matrixed team, with the ability to coach, review, or delegate work to less senior professionals and lead through influence.

Optional

  • Bachelor’s degree in a related field or equivalent work experience.
  • Previous experience in large global complex environments.
  • Prior experience in disk forensics, memory forensics, and/or cloud response.
  • Prior experience working with a Security Operations Center or Managed Security Services Provider (MSSP) to implement and enhance threat detection and response capability.
  • Specialized industry certifications such as CISSP, GIAC GSEC, GIAC GCIH and GIAC GREM.

Your responsibilities

  • Lead cybersecurity incident response and investigations for moderate- to high-complexity events.
  • Analyze large and complex technical data sets to identify abnormal user, network, and system activity warranting further investigation using SIEM, EDR, and SOAR tools.
  • Proactively identify security and process gaps and work with colleagues to improve visibility and implement remediations.
  • Correlate disparate data sources to provide a holistic picture of our threat detection capability, and lead continuous improvement initiatives related to MITRE ATT&CK coverage.
  • Serve as a leader and provide guidance to IT and security personnel in the collection and review of artifacts pertaining to an investigation, including briefing key leaders on technical findings and business impact.
  • Identify Use Cases for implementation in EDR/SIEM to improve detection coverage.
Published 5 days ago
Expires in 19 days