Incident Response Senior Consultant
| Company | Cyberark |
|---|---|
| Location | Newton, MA, USA |
| Salary | Not provided |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |
Requirements
- 4+ years’ experience working with incident investigations and containment procedures.
- 4+ years’ experience with network, disk, memory, and cloud forensics.
- Minimum 1 year of experience leading Incident Response investigations and performing the following: network/log forensics, malware analysis, disk forensics, and memory forensics.
- Excellent time and project management skills with strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely.
- Skilled in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration to achieve shared objectives.
- Experienced deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS System Manager, Azure Automation, Ansible, Puppet, JAMF, and scripts.
- Experienced with EDRs such as CrowdStrike Falcon, SentinelOne, and MDE.
- Experienced leading projects and debriefing customers.
- Experienced creating and modifying scripts.
- Familiar with enterprise security architecture and security controls.
- Experienced with cloud incidents and forensic responses.
- Experienced with malware triage analysis and disk or memory forensics for Windows, macOS, or Linux.
- Experienced with software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, GPO, and AWS System Manager.
Responsibilities
- Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time.
- Develop Incident Response initiatives that improve our ability to respond and remediate security incidents effectively.
- Trace malware activity and patterns, and understand how to remove malware non-destructively.
- Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs), and apply them to future incident response events.
- Analyze binary files to determine their legitimacy and extract IOCs when possible.
- Conduct forensic examinations on physical devices and perform analyses on live and collected memory.
- Create and refine detection and incident response playbooks.
- Collaborate with internal and customer teams to investigate and contain incidents.
- Produce high-quality written reports, presentations, and recommendations for key stakeholders, including customer leadership and legal counsel.
- Establish a collaborative environment for sharing data on machine timelines and suspicious events.
- Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence.
Preferred Qualifications
- Preferred experience with log collection and analysis tools such as Splunk, Kibana, or the ELK Stack.
- Preferred certifications: GCIH, GX-FA, GNFA, GREM, GCIA, CREST CPIA, CREST CFIA, CFCE, CEH, etc.