As part of our incident response team, you'll do more than react to cyberattacks — you'll lead the charge in stopping attackers cold. You must triage existing threats identified by customers and identify possible new threats unknown to the client in large environments that range from simple to sophisticated. Discovery is conducted using existing and cutting-edge tools, either within the customer’s existing environment or through newly deployed solutions.
Responsibilities:
- Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time.
- Develop Incident Response initiatives that improve our ability to effectively respond to and remediate security incidents.
- Communicate findings and strategies to technical staff, executive leadership, legal counsel, and internal and external customers.
- Create and present technical reports and timelines to customers.
- Trace malware activity and patterns, and understand how to remove malware non-destructively.
- Recognize attacker Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs), and apply them to future incident response events.
- Reverse-engineer binary files to determine their legitimacy and extract IOCs when possible.
- Conduct forensic examinations on physical devices and perform analyses on live and collected memory.
- Create and refine detection and incident response playbooks.
- Collaborate with internal teams, influence tool development, and direct which tools are used to investigate and contain incidents.
- Produce high-quality written reports, presentations, and recommendations for key stakeholders, including customer leadership and legal counsel.
- Establish a collaborative environment for sharing data on machine timelines and suspicious events.
- Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence.