***Must have a Security Clearance - Secret preferred***
In this role, you will:
• Take a lead role in client investigation and response engagements, influencing the response strategy with stakeholders from technical to senior management
• Report and present detailed results and recommendations to both technical and non-technical stakeholders
• Work in partnership with the client Cybersecurity sales teams, demonstrating the capacity and ability of the forensics business to potential clients
• Collect and investigate data from a wide range of systems and software to understand the attacker activity and produce a containment strategy
• Engage in skills transfer both internally and, when required, with customers
• Work to respond in real time to advanced attackers in complicated and fluid environments
• Work with an enthusiastic and expert team to contribute to keeping the methodology at the cutting edge
• Collaborate with the other cyber security teams to add value to the company suite of service offerings
Ideally, you will have:
• Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple operating systems: Windows, Mac and Linux
• Tool-agnostic, with an emphasis on knowing the forensic artifacts themselves rather than relying on tool output
• Knowledge of and the ability to use popular EDR technologies during DFIR engagements
• Experience analyzing a myriad of system and network logs using Splunk and/or ELK
• Experience responding to APT-style targeted attacks, with a good understanding of operational security concepts during live breaches
• Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
• Ability to analyze PCAP data
• Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
• Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
• Experience performing memory analysis as part of an incident response engagement
• Ability to be client facing by interacting with our clients and their executive leadership
• Creative problem-solving self-starter with an analytical and qualitative eye for reasoning
• Ability to work with a remote team via collaboration tools
• Strong documentation skills, ability to write executive and technical DFIR reports
Useful but not essential:
• DFIR experience, including incident management
• Proficient in either Python or PowerShell
• Experience with analysis of VBS and other WSH languages as well as web languages such as PHP and JS
• Incident response certifications such as those offered by SANS/CREST/GIAC
• Experience creating dashboards, writing Logstash filters, and Lucene queries
• Experience performing DFIR investigations in cloud environments (Azure, O365, AWS, and Google)
• Any languages in addition to English