What You Will Do
- Conduct host forensics, network forensics and log analysis in support of incident response investigations for systems or applications deployed on-prem or in the cloud.
- Perform threat hunting campaigns utilizing information on adversary tools, tactics & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.
- Study how attackers operate and their methods, but also use your IT and networking expertise to build & improve detection logic and investigative procedures.
- Teach, mentor and support your peers in areas where you have specialized knowledge or experience.
- Participate in a follow-the-sun on-call rotation.
Desired Skills
- Minimum of 7-10 years of experience in investigations and incident response.
- Self-Starter, Go-Getter & Self-Learner.
- Superb communication (verbal and written) skills.
- Reasonable scripting/coding abilities and an eye for automation opportunities.
- A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, TLS and distributed networks).
- Experience across common security products, such as firewalls, IDS/IPS, NetFlow, AV, EDR, SIEM, SOAR, etc.
- Experience or familiarity with the usage of cloud computing platforms & components, such as AWS, GCP, Azure, Docker, Kubernetes, etc.
- Experience or familiarity with CI/CD pipelines.
- Extensive knowledge of IT infrastructure services, operating systems and networking.
- Experience or familiarity with protocols & products used for authentication & authorization, such as RADIUS, Active Directory, LDAP, NTLM, Kerberos, SAML, OAuth, JWT, etc.
- Experience with a mix of red team or blue team tools, such as Metasploit, C2 frameworks, Kali Linux, Security Onion, Burp Suite, Nessus, osquery, YARA, The Sleuth Kit, Velociraptor, etc.
- Experience in one or more data analytics platforms or languages, such as Splunk, Elastic Stack, Kusto Query Language (KQL), Structured Query Language (SQL), etc.
- Agility in commanding several types of security incidents concurrently and a curiosity to learn about the tools and technologies involved.
- Proven track record of managing and coordinating complex security investigations.
- Flexibility – willingness to pitch in where needed across program and team, and outside typical business hours.
- Ability to work shift hours as well as on-call out of hours.
- Strong leadership, influence, and collaboration skills; sound problem resolution, judgment, negotiating and decision-making skills.