Job Description

Job Purpose

As a Senior Consultant – Incident Response, you live and breathe blue team operations. Your technical expertise in endpoint and network threat detection and defense is complemented by your integrity and passion for cyber security and technology. You work well in a team of highly motivated and skilled blue teamers, but you can also achieve your work independently in different engagements and scenarios. You enjoy taking on new challenges in a fast-paced and dynamic working environment. You are a team player who is always willing to help where required, with a humble and positive attitude.

Job Responsibilities

Key Responsibilities:

  • At least 6-7 years of experience in the following activities:
  • Serve as technical lead on active incident response engagements and across different IR Retainer customers
  • Achieve tasks independently within the team after initial 2-3 months
  • Execute threat-hunting activities in support of incident response and proactive environment assessments
  • Carry out host-based assessments using EDR tools and network assessments utilizing full packet data to determine the extent and scope of possible compromise
  • Perform host and/or network-based forensics across Windows, Mac, and Linux platforms.
  • Execute digital forensic investigations supporting cyber incident response engagements
  • Contribute to process documentation and continuous service improvement activities
  • Collaborate with customers to enhance their defensive security posture and existing security controls
  • Maintain a flexible schedule that is open to changing situations and opportunities
  • Produce detailed reports and technical briefs, and effectively communicate tasks, methodology, and guidance to customers
  • Explain technical findings in a manner that can be easily understood by technical and non-technical staff
  • Demonstrate industry thought leadership through blog posts, internal brown-bag sessions
  • You must be a team player with a humble and approachable nature who is willing to go the extra mile

Technical Skills:

  • Strong understanding of blue team operations and threat hunting
  • Sound understanding of network protocols, TCP/IP, etc.
  • Sound understanding of Microsoft Windows
  • Sound understanding of Linux and OSX
  • Sound forensic skills across multiple operating systems
  • Strong understanding of network analysis tools like Bro/Zeek, Rita, or Suricata
  • Ability to perform analysis of system and network devices logs
  • Sound understanding of the capabilities of static and dynamic malware analysis
  • Sound understanding of enterprise systems, technologies, and infrastructure
  • Strong understanding of targeted attacks and ability to create customized tactical and strategic remediation plans for compromised organizations
  • Strong understanding of current threats, vulnerabilities, and attack trends
  • Strong understanding of the ATT&CK framework
  • Excellent organizational skills, ability to prioritize, and ability to work independently

Characteristics:

  • Effective self-starter with minimal shadowing.
  • Ability to work in a fast-paced and collaborative environment with minimal supervision.
  • Self-disciplined, team-goal oriented, and comfortable working to regular deadlines.
  • Ability to be flexible and to adapt to changing responsibilities, situations, tools, and requirements.
  • Enjoy learning new things and sharing knowledge with others.
  • Diplomatic but persistent when working with Subject Matter Experts.
  • Dedicated to completing projects and willing to go the extra mile when needed.

AOR (Any Other Responsibilities)

  • Any other responsibilities as required by the Line Manager

Job Specifications

Skills/Certifications (Technical & Non-Technical)

  • Good attention to detail and reporting accuracy
  • English language skills, both spoken and written
  • GIAC certified in a minimum of one discipline (GNFA, GCIH, GCIA, GCFE, GCFA, GDAT) or equivalent (eLearnSecurity)
  • Previous experience working with EDR tools and threat-hunting tools
  • Previous experience performing network forensics is desirable
  • Knowledge about cloud security infrastructure (AWS, Azure, Oracle, others) is desirable.

Minimum Work Experience

6-7 years

Education

  • Bachelor's degree in Computer Science or Engineering desirable but not mandatory


Job Details

  • Role Level: Mid-Level
  • Work Type: Full-Time
  • Country: United Arab Emirates
  • City: Al Ain
  • Company Website: https://cpx.net/
  • Job Function: Cybersecurity
  • Company Industry/Sector: Computer and Network Security

About the Company

At CPX, we go beyond addressing today’s security risks—we anticipate the challenges of tomorrow. We do this by cultivating a thriving cyber and physical security ecosystem. Founded in 2022, we are a leading provider of end-to-end cyber and physical security solutions and services. CPX, a G42 company, employs over 500 cyber specialists serving enterprises, governments, and critical infrastructure sectors in the UAE and beyond. With a strong focus on delivering transformative security across the AI ecosystem, CPX empowers organizations to assess risks, protect assets, and operate with unwavering confidence.
