SANS ISC: InfoSec Jobs

Incident Response Senior Advisor
Company Secureworks
Location Remote US
Preferred GIAC Certifications GCFE, GCFA, GCTI, GNFA, GREM
Travel 15%
Salary Not provided
Contact Name Anonymous
Contact Email troy.bettencourt/at/
Expires 2021-06-26

Job Description

Secureworks® (NASDAQ: SCWX), a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of a cloud-native SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded in and informed by this much real-world experience.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Role Responsibilities:

The Incident Response Consultant is focused on working with customers on cyber threat hunting and cyber incident response efforts. Cyber threat hunting includes helping customers identify unknown compromise activity and gaps in their cybersecurity controls. Responding to cyber incidents includes helping customers manage the technical and non-technical aspects of incident response efforts, conducting investigative analysis using digital forensics methods to help customers identify and reconstruct the nature and scope of cyber incident activity, and developing tailored remediation plans.

Serve as subject matter expert in incident response, cyber threat hunting, and digital forensic analysis efforts
Perform complex incident response investigative analysis and develop conclusions based on the analysis of host, network, and cloud digital artifacts
Document findings and develop tailored incident response remediation recommendations to present both orally and in written reports to customers
Develop tailored incident response remediation plans for major cyber incidents to direct customer containment and recovery efforts
Participate in a 24x7 on-call rotation for supporting requests from global incident response customers
Travel as needed to assist customers with on-site incident response efforts
Availability for periodic after-hours, weekends, and holiday work to support global incident response customers
Minimum Requirements:

Minimum of 5 years of cybersecurity experience in complex operating environments
Minimum of 2 years of host forensics, network forensics, and cloud forensics experience for threat hunting and incident response efforts
Minimum of 2 years of experience with one or more of the following tools: X-Ways, Magnet, F-Response, Volatility, Open Source Forensics Tools
Minimum of one or more of the following certifications: GCFE, GCFA, GCTI, GNFA, GREM, CCIM, or CySA+

Preferred Skills:

Undergraduate degree in computer science, information systems, information assurance, cybersecurity, or equivalent work experience
Familiar with tactics, techniques, and procedures commonly employed by threat actors, and their means and motivations
Understanding of vulnerabilities and techniques used by threat actors to discover, analyze, and exploit information system vulnerabilities
Theoretical and practical knowledge in the following areas:
Unix, Linux, Windows, and macOS operating systems
AWS, Azure (including Microsoft 365), and GCP
Exploits, vulnerabilities, intrusion vectors, and malware
Network traffic analysis, endpoint activity analysis, log analysis, and malware analysis techniques
Enterprise cyber incident management and response processes
Enterprise cybersecurity controls and failure modes
Applied knowledge in scripting and programming languages
Cybersecurity frameworks relevant to cyber incident response and cyber threat hunting: MITRE ATT&CK, CIS Controls, NIST CSF, NIST 800-53

Remote - US

Up to 15% travel
Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics. Learn more about Diversity and Inclusion at Secureworks here.

Job ID: R084543