Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
Conduct threat analysis and assessments on network/systems, monitor, maintain, update and secure client’s infrastructure
Establish, maintain and execute all components of an incident response plan, including run books, from incident intake through root cause analysis, technical remediation analysis and reporting
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security
Execute cyber defense incident triage to include determination of scope, urgency and potential impact; identifying the specific vulnerability and making recommendations that enable expeditious remediation
Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems
Accurately document incidents from beginning to end including evidence handling.
Preferred Skills
5 years or more experience working in a complex enterprise environment
Strong understanding of vulnerability and exploitation concepts
Strong experience in firewalls, IDS/IPS, DNS, SIEM, cybersecurity tools
Previous experience performing threat hunting and incident response using SIEM tools, cybersecurity management tools
Knowledge of Malware Analysis, Reverse Engineering and Host-based and Memory Forensics tools and techniques
Deep understanding of computer intrusion activities, incident response techniques, tools and procedures
Knowledge of digital forensics methodology as well as security architecture, system administration and networking (including TCP/IP, DNS, HTTP, SMTP)
Knowledge of operating systems including Linux/Unix and Windows
Experience with programming languages such as Python, Perl, C/C++, PowerShell, etc.
Experience with security assessment tools such as NMAP, Netcat, Nessus, and Metasploit is a plus.