Your Role and ResponsibilitiesAs a Cybersecurity Consultant, you’ll provide consulting services to analyze and resolve security incidents and to work with the client to achieve an overall superior security posture. Your responsibilities may encompass:
- Responsible for conducting incident response operations according to documented procedures and industry best practices.
- Will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SOC.
- Helps client IT and business executives understand Security issues, risks, exposures, and vulnerabilities using interviews, workshops and assessments.
- Define business drivers and develop associated endpoint strategy, programs, incident response plans, and remediation recommendations and roadmaps.
Required Technical and Professional Expertise
- Knowledge of network security zones, Firewall configurations, IDS policies and systems communications from Layer 1 to 7
- Experience with Network and Network Security tools administration, Systems Administration (Linux and Windows), Middleware, and Application Administration
- Knowledge in networking and attack methods such as SQLi and pivoting, packet capture and analysis
- Experience in multiple security areas such as SIEM, EDR, XDR, ASM, IDS, APT, and WAF and Security Assessment tools (NMAP, Nessus)
- Experience with log search tools such as HP Arcsight, Splunk, usage of regular expressions and natural language queries and knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes.
- Experience on creation of containment strategy and execute.
Preferred Technical and Professional Expertise
- Experience or exposure on the following skills is a plus:
- Computer Forensic Investigation such as Windows Forensic Analysis FOR408 – (Optional GCFE certification) or
- Perimeter Protection in Depth – SEC502 (optional GCFW certification) or
- Advanced Security Essentials – SEC501 (optional GCED certification) or
- Intrusion Detection in Depth – SEC503 (GCIA certification) or equivalent or
- Hacker Techniques, Exploits & Incident Handling – SEC504 (optional GCIH certification) or
- GIAC Continuous Monitoring (optional GMON certification) or
- Advanced digital forensics and Incident Response – FOR 508 (Optional GCFA certification) or equivalent