Incident Response

Both your clients and your colleagues consider you a charismatic, articulate individual, and a born diplomat.

You check your ego at the door and learn from others constantly, while also helping to educate those who aren’t as well versed as you are in technical or procedural topics.

As a result, you have a track record of working tirelessly to help your clients and teammates and have even come up with some novel techniques in your time.

Respond to global cyber incidents caused by internal and external threats to our customers, that may involve nontraditional working hours.

Understanding of recent adversary attacks and how best to detect, contain, and remediate recent threats.

Foundational familiarity and understanding of host centric analysis utilizing a variety of forensic tools (e.g.

EDR, X-Ways, Volatility, Cisco Secure Endpoint, Velociraptor, etc.).

Familiarity with network forensic analysis with an understanding of how to leverage network telemetry to assist with an investigation.

Understands, and can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle as it relates to recent known adversary activity.

Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.

Be able to assist with scoping an incident, gain consensus on objectives with customers, and participate in a team of incident response consultants during an emergency engagement.

Familiarity with the theory of threat hunting, and how to proactively hunt for adversaries on customer networks leveraging a variety of tools and techniques.

Understand the concept of Table-Top Exercises, and preferably have experience with conducting or participating in Table-Top Exercises previously.

Understand the concept of performing Incident Response Readiness Assessments for customers, and an understanding of performing interviews and document review.

Familiarity with the process of collaborating on developing written communication of assessments, and reports that may be both internal and customer facing, this includes communication to various levels including technical teams, leadership, and executive management.

Serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams.

Participate in IR related consulting projects as directed.

Be a contributor to process improvement.

Help to develop and document process improvements to ensure efficient, consistent, and scalable consulting operations.

Interest in helping to develop public facing material such as blog posts, podcasts, whitepapers, or presentations at conferences.

Familiarity of current cyber security threats, attacks, and countermeasures.

Such as Ransomware, Cyber Crime, Hacktivism and associated tactics.

Interest in recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities.

Preferred: Prior experience in information security and experience handling or investigating cyber security incidents.

Must be willing to be on-call and work off-shift hours, potentially to include nights, weekends, and holidays.

Preferred: Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE.

Certifications are not a requirement for this position.

The certifications listed provide examples of the skills required to be successful in the role.