Follow NIST IR guidelines to manage high visibility Cybersecurity incidents while performing real-time analysis (e. g., forensic collection, intrusion correlation/tracking, threat analysis, and direct system remediation) to determine scope and root cause (RCA)
Monitor and proactively hunting the organization s computer networks and systems to identify any violations and security threats that need to be resolved, performing digital forensics in identified scenarios
Perform malware analysis to gain insights to assist security incident activities; prioritizing and differentiating between potential intrusion attempts and false alarms
Utilizing threat intelligence reports in supporting investigations, incident response and vulnerability threat management efforts
Carry out tests to simulate attacks so they can identify areas where the company is vulnerable and ways in which its systems might be exploited by hackers and viruses
Prepare and create reports to document any process implementation, improvements made, and security threats that may have impacted the organization
Interface with cross-functional teams such as Infrastructure, Legal, Privacy, and the Business to address Cybersecurity related issues communicating complex information, concepts, or ideas in a confident and well-organized manner to both technical and non-technical audiences
Mentor and knowledge share with other members of the IR and SOC functions Participate and conduct internal training exercises, tabletops, and lunch and learns
Enhancing processes around a Global Cyber Threat Security Operations framework, developing net new security services and functions while leading Project Increment (PI) Planning initiatives
Qualifications
6+ years of direct experience in an Information Security role
3+ years of performing Digital Forensics and Incident Response (DFIR) with licensed, open-source, and native system tools
1+ years of experience with Cloud Technologies preferred (Azure, GCP, and AWS)
One or more certifications, preferably in computer/network forensics, including but not limited to: CySA+, Network+, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CISSP, eJPT, eCPPT, eCIR, or equivalent
Strong problem-solving mentality, and ability to maintain composure during rapid-paced, time sensitive investigations
Ability to maintain confidentiality while working with sensitive information internally, externally, effectively communicate problems and solutions to business stakeholders in non-technical way
Maintain situational awareness and keep current with cyber security news and threat actor Tactics, Techniques, and Procedures (TTPs)
Knowledge of standing up virtualized environments for conducting forensic analysis of logs, images, and malware
Experience in correlation and investigations while making recommendations to enable expedited remediation, programming languages to automate repetitive tasks preferred
Knowledge of the Windows and Unix/Linux file structure, windows registry, common networking protocols and standard
