What you will do:
- Digital Forensics and Incident Response (DFIR):
  - Perform digital forensics analysis on various types of evidence, such as disk, memory, network, and cloud artifacts (AWS experience is an advantage).
  - Support incident response efforts by providing technical expertise and guidance on containment, eradication, and recovery.
  - Maintain and operate forensic tools and platforms, ensuring they are up to date and reliable.
  - Document and report forensic findings and recommendations, following established procedures and standards.
- Threat Hunting:
  - Proactively hunt for malicious activity and indicators of compromise across CyberArk's network, endpoints, and cloud environments, using a variety of data sources and analytical techniques.
  - Develop and refine custom threat-hunting hypotheses, queries, and dashboards based on the latest threat intelligence and trends.
  - Collaborate with the SOC team to validate, escalate, and respond to identified threats.
- Research and Development:
  - Research emerging threats, attack vectors, threat actors, APTs, security technologies, and CyberArk products, and share insights and best practices with the team and the broader security community.
  - Develop and improve tools, scripts, correlation rules and alerts, and automation to enhance the SOC team's DFIR and threat-hunting capabilities.