
Blue Teamer Incident Response Job at Black Lantern Security

Black Lantern Security, Charleston, SC

Location: Charleston, SC (home base); domestic and international travel required.

Responsibilities

  • Project-Based
    • Coordinate and execute incident response for customers in multiple market verticals, including Finance, Healthcare, and Retail Operations.
    • Coordinate and execute threat hunting engagements.
    • Develop detailed "runbooks" for responding to well-known attacks that can be tailored to specific customer environments.
    • Prepare clear and concise situation reports and activity summaries for BLS customers and Senior Leadership.
    • Execute verification and validation testing for customer mitigations and fixes.
    • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Research and Development (R&D)
    • Attend and/or present at professional conferences and events.
    • Participate in the development of:
      • Novel defensive tactics, techniques, and procedures (TTPs).
      • Applications, utilities, and scripts.
      • Threat hunting capabilities consistent with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework as well as emerging offensive TTPs.
      • DFIR techniques, tactics, and capabilities.

Requirements

  • Experience coordinating and performing incident response.
  • Experience with basic scripting languages, including Python, Bash, and/or PowerShell.
  • Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
  • Experience hardening *nix and Windows system images and builds.
  • Experience parsing, consuming, and understanding log sources from a variety of devices/systems.
  • Experience with one or more SIEMs (ArcSight, LogRhythm, AlienVault, etc.).
  • Experience with DFIR toolsets (The Sleuth Kit, EnCase, FTK).
  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
  • Demonstrated ability to:
    • Adhere to the highest standards of honesty and scientific and business integrity.
    • Think critically about complex problems and situations.
    • Understand threat models and effectively communicate risk and impact.
    • Apply industry standards and best practices, including the MITRE ATT&CK framework and the NIST incident response guidance (SP 800-61).
    • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Preferences

  • Experience operating within a Security Operations Center (SOC).
  • Experience with Splunk or ElasticSearch.
  • Experience building, modifying, and/or deploying open source defensive tool sets.

Contact

Apply Online