SANS ISC: InfoSec Jobs

Digital Forensics and Incident Response Specialist
Company: Cyber Defense Labs
Location: Remote, US
Preferred GIAC Certifications: GCFA, GNFA, GREM, GCFE
Travel: 10%
Salary: Not provided
Contact Name: David England
Contact Email: david.england/at/
Expires: 2021-06-02

Job Description

As a Digital Forensics and Incident Response Specialist, you will be part of our Professional Services Team, representing Cyber Defense Labs when responding to customer security incidents and breaches. In this role, you will apply your experience conducting deep-dive analysis of network traffic/packet captures and logs, web servers, cloud environments, enterprise servers, endpoint systems, and/or malware to support our customers in a high-paced operational environment. You will draw on your deep understanding of both existing and emerging threat actors, and on your experience identifying the rapidly changing tools, tactics and procedures of attackers, to support our team’s investigations. You must be able to see the big picture, understand evolving attacker behavior and motivations, participate in large client-facing projects, and help to train and mentor other security consultants.

Primary Duties and Responsibilities:

Be a Subject Matter Expert in the analysis of one or more of the following areas: Network Traffic and Logs, File Systems, Memory, Cloud, and/or Malware. Apply those skills in the conduct of Incident Response investigations.
Identify potential, successful, and unsuccessful intrusion attempts and compromises by thoroughly reviewing and analyzing security event details.
Communicate results to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
Make recommendations for immediate and long-term changes to contain intrusions, remediate issues, and mitigate risks.
Develop investigative plans for collecting evidence, triaging, and responding to security incidents for a team of responders and client personnel.
Teach and mentor teammates in Digital Forensics and Incident Response disciplines.
Identify Indicators of Compromise and digital fingerprints that can be used by defender, responder, and intelligence personnel to prevent, detect, and investigate security incidents.
Research and use cutting edge technology to create countermeasures.
Conduct Threat Hunting operations when not involved in response activities.

Role Qualifications:

5+ years of Digital Forensics and Incident Response experience in an area of expertise.
Must be experienced in Network Traffic Analysis using technologies such as Wireshark, Netflow, Bro, dShell, and Fluentd.
Thorough understanding of Domain Name System (DNS) records.
Hands-on use of network access control, intrusion prevention and detection systems, firewalls, and routers to prevent and remediate security incidents.
Basic understanding of malware (malware communication, installation, malware types).
Experience building scripts, tools, or methodologies to enhance investigation processes.
Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner.
Knowledge of current threat landscape.
Experience identifying weaknesses in network security architecture in the context of security incidents.
Ability to travel up to 30%.

Required Certification:

GCFA, GNFA, GREM, CCE, CCSP, CCNP: Security, AWS Certified Security, Microsoft Certified: Azure Security Engineer Associate, or related certification

Education and/or Experience:

College Degree in Cyber Security or Information Technology or equivalent work experience.

Bonus Skills:

Experience with Elasticsearch, Logstash and Kibana (ELK) or Splunk.
Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc.
Ability to write and understand complex regular expressions (PCRE).
Skilled in using Endpoint Detection and Response tools (e.g. FireEye, Carbon Black, Cylance, Crowdstrike).
Experience with 'big-data' platforms such as Hadoop, HDFS, Apache Spark, etc.
Knowledge of evidence handling (chain of custody).
Malware Reverse Engineering skills.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.