Incident Response Senior Consultant

Company: Cyberark
Location: Newton, MA, USA
Salary: Not provided
Type: Full-Time
Degrees: Not specified
Experience Level: Senior

Requirements

  • 4+ years of experience with incident investigations and containment procedures.
  • 4+ years of experience with network, disk, memory, and cloud forensics.
  • Minimum 1 year of experience leading Incident Response investigations, including network/log forensics, malware analysis, disk forensics, and memory forensics.
  • Excellent time and project management skills with strong written and verbal communication abilities; able to produce clear documentation and explain complex technical concepts concisely.
  • Skilled at building and maintaining effective customer relationships, managing expectations, and collaborating to achieve shared objectives.
  • Experience deploying software in customer environments using tools such as Intune, SCCM, GPO, AWS Systems Manager, Azure Automation, Ansible, Puppet, Jamf, and scripts.
  • Experience with EDRs such as CrowdStrike Falcon, SentinelOne, and Microsoft Defender for Endpoint (MDE).
  • Leading projects and debriefing customers.
  • Creating and modifying scripts.
  • Enterprise security architecture and security controls.
  • Cloud incidents and forensic response.
  • Malware triage analysis and disk or memory forensics for Windows, macOS, or Linux.
  • Software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, GPO, and AWS Systems Manager.

Responsibilities

  • Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real time.
  • Develop Incident Response initiatives that improve our ability to respond to and remediate security incidents effectively.
  • Trace malware activity and patterns, and remove malware non-destructively.
  • Recognize attacker Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs), and apply them to future incident response engagements.
  • Analyze binary files to determine their legitimacy and extract IOCs where possible.
  • Conduct forensic examinations on physical devices and analyze live and collected memory.
  • Create and refine detection and incident response playbooks.
  • Collaborate with internal and customer teams to investigate and contain incidents.
  • Produce high-quality written reports, presentations, and recommendations for key stakeholders, including customer leadership and legal counsel.
  • Establish a collaborative environment for sharing data on machine timelines and suspicious events.
  • Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team performance.

Preferred Qualifications

  • Experience with log aggregation and search platforms such as Splunk, Kibana, or the ELK Stack.
  • Certifications such as GCIH, GCFA, GNFA, GREM, GCIA, CREST CPIA, CREST CFIA, CFCE, CEH, etc.