Senior Cyber Security Consultant

***Must have a Security Clearance - Secret preferred***

In this role, you will:

• Take a lead role in client investigation and response engagements, influencing the response strategy with stakeholders from technical to senior management

• Report and present detailed results and recommendations to both technical and non-technical stakeholders

• Work in partnership with the client Cybersecurity sales teams, demonstrating the capacity and ability of the forensics business to potential clients

• Collect and investigate data from a wide range of systems and software to understand the attacker activity and produce a containment strategy

• Engage in skills transfer both internally and, when required, with customers.

• Work to respond in real time to advanced attackers in complicated and fluid environments

• Work with an enthusiastic and expert team to contribute to keeping the methodology at the cutting edge

• Collaborate with the other cyber security teams to add value to the company suite of service offerings

Ideally, you will have:

• Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operation Systems; Windows, Mac and Linux

• Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output

• Knowledge of and the ability to use popular EDR technologies during DFIR engagements

• Experience analyzing a myriad of system and network logs using Splunk and/or ELK

• Experience responding to APT style targeted attacks, with a good understanding of operational security concepts during live breaches

• Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting

• Ability to analyze PCAP data

• Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement

• Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments

• Experience performing memory analysis as part of an incident response engagement

• Ability to be client facing by interacting with our clients and their executive leadership

• Creative problem-solving self starter, and an analytic and qualitative eye for reasoning

• Ability to work with a remote team via collaboration tools

• Strong documentation skills, ability to write executive and technical DFIR reports

Useful but not essential:

• DFIR experience, including incident management

• Proficient in either Python or Powershell

• Experience with analysis of VBS and other WSH languages as well as web languages such as PHP and JS

• Incident response certifications such as those offered by SANS/CREST/GIAC

• Experience creating dashboards, writing Logstash filters, and Lucene queries

• Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)

• Any languages in addition to English