SOC Incident Responder

• Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments
• Perform incident response functions including host-based analytical functions through investigating Windows, Unix-based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
• Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models
• Work with application and infrastructure stakeholders to identify key components and information sources
• Participate in incident response efforts using forensic and other custom tools to identify sources of compromise and/or malicious activities taking place
• Collaborate with global multidisciplinary groups for triaging and defining the scope of large-scale incidents
• Document and present investigative findings for high-profile events and other incidents of interest
• Participate in readiness exercises such as purple team, tabletop activities, etc.
• Train junior colleagues on relevant best practices.

• Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
• 3+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability
• 1+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components
• Experience in Cloud Forensics/IR
• Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services
• Prior experience with cloud common services
• Hands-on experience with forensic investigations or large scale incident response in cloud environments
• Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics
• Certifications (e.g. GIAC, AWS, etc.) in cloud or demonstrated equivalent capability
• Hands-on experience with analyzing and pivoting through large data sets
• Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.)
• Memory collection and analysis from various platforms
• Evidence preservation, following industry best practices
• Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking)
• In-depth File system knowledge and analysis
• In-depth experience with timeline analysis
• In-depth experience with Registry, event, and other log file and artifact analysis
• Hands-on experience with a DFIR toolset and related scripting
• Current expertise with an EDR system
• One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications
• Experience in the following operating systems: Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge
• Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.)
• Working knowledge of networking protocols and infrastructure designs
• including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
• Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
• Working knowledge of virtualization products (e.g. VMware Workstation)
• Must have flexibility to work outside of normal business hours when necessary.

Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria but demonstrate sufficient skill and experience.

• Equal opportunity employer
• Work in a highly skilled and collaborative team
• Opportunities to establish partnerships, mentor colleagues, and shape team culture
• Flexibility to innovate and inspire others.