Innovation: Be part of a team that fosters a culture of experimentation, innovation, and continuous learning.
Impact: Play a key role in safeguarding our enterprise from advanced cyber threats and improving our overall security posture.
Growth: Opportunities for professional growth and development through challenging projects and ongoing training.
Collaboration: Work in a collaborative environment that values relationships and teamwork.
Responsibilities
Incident Response Experience: Respond to incidents to retrieve, analyze, and preserve critical data, utilizing forensics and network knowledge on a global scale. Conduct thorough host forensics, network forensics, log analysis, and malware triage to arrive at conclusive findings and support incident response investigations.
Tool Development: Identify areas for improvement in processes and tooling related to response at scale. Develop and enhance scripts, tools, and methodologies to support the collection and analysis of data on a large scale, optimizing our incident investigation capabilities.
Team Support and Mentorship: Provide support and guidance to other members of our CSIRT team, working closely with Staff level responders and management.
Global Reporting and Coordination: Translate technical analysis into clear reports and coordinate response actions with team members globally. Assist in drafting detailed reports and assigning remediation recommendations across internal and external organizations.
Training and Presentations: Develop and present comprehensive training sessions and presentations for both technical and non-technical audiences.
Global Collaboration: As an expert in the field, work closely with teams globally during incidents, including threat hunting, threat intelligence, and detection engineering. Collaborate to share information, enhance detection capabilities, and respond effectively to threats.
Requirements
Incident Response Expertise: 3+ years of hands-on experience in incident response, including digital forensics, in a robust environment. Strong understanding of artifact collection and evidence retention.
Technical Proficiency: Strong understanding of digital forensics and network-based artifacts, including cloud, container, and host environments. Proficient in responding to incidents, analyzing triaged data, and using EDR technology to review data at scale. Experience reviewing malicious files dynamically, including reverse engineering, is a plus.
Investigative Skills: Strong investigative background with expertise in efficiently managing and resolving complex cases. Proficient in identifying key indicators of compromise, analyzing attack vectors, and determining root causes to guide resolution steps.
System Internals: Understanding of the internals and constructs of Linux, macOS, and Windows operating systems.
Cloud Security: Experience in administering, attacking, or defending cloud environments (AWS, Azure, GCP).
Log Analysis: Understanding of logs from cloud, network, and endpoint devices.
SIEM Expertise: Skills in writing complex searches or analytics for popular SIEM solutions.
Programming Skills: Proficiency in bash and at least one interpreted programming language (Python, Ruby, etc.).
Team Collaboration: Ability to promote a collaborative working environment that enhances teamwork, predictability, clarity, and a culture of innovation.
Multitasking: Ability to handle multiple tasks in a fast-paced environment effectively.
On-Call Rotation: Willingness to participate in an on-call rotation as required.
Additional Information
Contract duration: 1 year, with the possibility of extension
Employment type: Only CIM contract
Work setup: Hybrid, 2-3 days per week in the office