Job Description
Responsible for incident response efforts, conducting comprehensive forensic investigations and proactively hunting for threats within the network and systems and remediate security incidents.
Responsibilities
- Monitor and analyze threat intelligence feeds, security blogs, and industry news to stay informed on emerging threats and vulnerabilities.
- Conduct forensic investigations for cybersecurity incidents, including data breaches, advanced persistent threats (APT), ransomware, and insider threats.
- Utilize forensic tools and techniques to collect and analyze evidence, ensuring secure evidence handling and chain of custody for compliance with legal and regulatory standards.
- Conduct in-depth analysis of security events from multiple sources, such as SIEM, IDS/IPS, firewall logs, endpoint detection tools, and network traffic data.
- Develop and execute advanced threat-hunting queries and custom searches to detect malicious activities that may evade standard detection systems and improve detection rules.
- Conduct host-based forensic analyses across various platforms, including Windows, Linux, macOS, and mobile devices.
- Conduct network-based forensics using platforms such as NDR, Security Onion.
- Conduct initial malware analysis to assess potential risks.
- Proactively hunt for threats in the organization's network by identifying Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by adversaries.
- Build and refine threat-hunting playbooks and runbooks to standardize and enhance threat-hunting operations.
- Communicate findings through detailed, high-quality reports and presentations to security teams, management, and relevant stakeholders.
- Experience with Forensic Tools such as FTK, Encase, Oxygen, Cellebrite, etc.
- Develop the remediation strategies for compromised environments.
- Develop custom scripts to automate the security log analysis.
- Conduct cloud incident response across Azure & AWS.
- Utilize the MITRE ATT&CK framework to map detected threats and enhance threat-hunting capabilities.
- Ensure timely closure of incidents in compliance with SLA requirements.
Qualifications
Mandatory:
- Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent work experience)
- DFIR related certifications.
- Hands-on experience with Windows and Linux environments, can read and explain Windows or Linux logs effectively.
- Strong hands-on experience with Incident Response and Digital Forensics.
- Practical Investigation experience (end-to-end case handling or evidence processing exposure).
- Investigation background can't just be focused on EDR and SIEM tools. NEEDS exposure to Host-Level Investigations.
- Docker OR Kubernetes.
- Possess relevant SANS certifications, and preferably have experience working with SIEM platforms such as Microsoft Sentinel and Splunk.
- Ability to write and execute complex queries using KQL (Kusto Query Language) .
- SANS GCFA, GCFE & GCIH.
- Minimum 6 years of experience in in digital forensics, incident response, or threat hunting.
- Expertise in Digital Forensics, Incident Response, and Threat Hunting.
Preferred
- Strong knowledge of forensic tools such as EnCase, FTK, Oxygen, Cellebrite, Volatility, and other forensics analysis tools.
- Experience with cloud forensics for platforms such as AWS & Microsoft Azure.
- Skilled in scripting (e.g., Python, PowerShell) for automation of forensics and incident response tasks
- Knowledge of the MITRE ATT&CK framework for categorizing and responding to adversarial techniques
- Ability to communicate complex technical findings effectively to both technical and non-technical audiences
- Strong analytical and problem-solving skills, with attention to detail and accuracy
- Self-driven and able to work effectively in high-stress situations, handling multiple incidents simultaneously
- Demonstrated ability to work both independently and collaboratively within a team
