Senior Consultant - Incident Response

Client of Talentmate

Overview

As a Senior Incident Response consultant You will be a technical leader, leveraging your experience and skills to deliver cybersecurity solutions and services to clients preparing for or responding to cyber incidents.

You will serve in a collaborative environment with the blue team and our partners to support our client s collaboration with our team, and You will be responsible for leading elements of the response and working directly with our clients and partners.

Responsibilities

Key Responsibilities

• Serve as technical lead on active incident response engagements and across different IR Retainer customers
• Achieve tasks independently within the team after initial 2-3 months
• Execute threat-hunting activities in support of incident response and proactive environment assessments
• Carry out host-based assessments using EDR tools and network assessments utilizing full packet data to determine the extent and scope of possible compromise
• Perform host and, or network-based forensics across Windows, Mac, and Linux platforms.
• Execute digital forensic investigations supporting cyber incident response engagements
• Contribute to process documentation and continuous service improvement activities
• Collaboration with customers to enhance the defensive security posture and existing security controls
• Produce detailed reports and technical briefs, effectively communicate tasks, methodology, and guidance to customers
• Explain technical findings in a manner that can be easily understood by technical and non-technical staff
  
  

• Strong understanding of blue team operations and threat hunting
• Sound understanding of network protocols, TCP/IP, etc.
• Sound understanding of Microsoft Windows
• Sound understanding of Linux and OSX
• Sound forensic skills across multiple operating systems
• Strong understanding of network analysis tools like Bro/Zeek, Rita, or Suricata
• Ability to perform analysis of system and network devices logs
• Sound understanding of the capabilities of static and dynamic malware analysis
• Sound understanding of enterprise systems, technologies, and infrastructure
• Strong understanding of targeted attacks and ability to create customized tactical and strategic remediation plans for compromised organizations
• Strong understanding of current threats, vulnerabilities, and attack trends
• Strong understanding of the ATT&CK framework
• Excellent organizational skills, ability to prioritize, and ability to work independently
• Any other responsibilities as required by the Line Manager
  
  

• Good attention to detail and reporting accuracy
• English language skills, both spoken and written
• GIAC Certified in a minimum of one discipline: GNFA, GCIH, GCIA, GCFE, GCFA, GDAT, etc. Or equivalent (eLearn Security, etc.)
• Previous experience working with EDR tools and threat-hunting tools
• Previous experience performing network forensics is desirable
• Knowledge about cloud security infrastructure (AWS, Azure, Oracle, others) is desirable
• Excellent organizational skills, ability to prioritize, and ability to work independently
• Minimum Work Experience - 6 years
• Education - Bachelors degree in Computer Science or Engineering is desirable but not mandatory