Digital Forensics and Incident Response Specialist
Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.
Job Summary:
As a Digital Forensics and Incident Response Specialist, you will be part of our Professional Services Team, representing Cyber Defense Labs in responding to customer security incidents and breaches. In this role, you will apply your experience with deep-dive analysis of network traffic/packet captures and logs, web servers, cloud environments, enterprise servers, endpoint systems, and/or malware to support our customers in a fast-paced operational environment. You will use your deep understanding of both existing and emerging threat actors, and your experience tracking the rapidly changing tools, techniques and procedures (TTPs) of attackers, to support our team's investigations. You must be able to see the big picture, understand evolving attacker behavior and motivations, participate in large client-facing projects, and help train and mentor other security consultants.
Primary Duties and Responsibilities:
Be a Subject Matter Expert in the analysis of one or more of the following areas: Network Traffic and Logs, File Systems, Memory, Cloud, and/or Malware, and apply those skills in the conduct of Incident Response investigations.
Identify potential, successful, and unsuccessful intrusion attempts and compromises by thoroughly reviewing and analyzing security event details for both on-premises and cloud environments.
Communicate results to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
Make recommendations for immediate and long-term changes to contain intrusions, remediate issues, and mitigate risks.
Develop investigative plans for collecting evidence, triaging, and responding to security incidents for a team of responders and client personnel.
Teach and mentor teammates in Digital Forensics and Incident Response disciplines.
Identify Indicators of Compromise (IOCs) and digital fingerprints that defenders, responders, and intelligence personnel can use to prevent, detect, and investigate security incidents.
Research and use cutting edge technology to create countermeasures.
Conduct Threat Hunting operations when not involved in response activities.
Role Qualifications:
5+ years of Digital Forensics and Incident Response experience in your area of expertise.
2+ years of experience conducting DFIR in a consulting role.
Must be experienced in network traffic analysis using technologies such as Wireshark, NetFlow, Bro (now Zeek), dShell, and Fluentd.
Thorough understanding of Domain Name System (DNS) record types.
Hands-on use of network access control, intrusion prevention and detection systems, firewalls, and routers to prevent and remediate security incidents.
Basic understanding of malware (malware communication, installation, malware types).
Experience building scripts, tools, or methodologies to enhance investigation processes.
Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner.
Knowledge of current threat landscape.
Experience identifying weaknesses in network security architecture that contribute to security incidents, and an understanding of security architecture best practices in cloud environments.
Ability to travel up to 20%
Cyber Defense Labs requires its colleagues to be fully vaccinated against COVID-19 unless they are approved for a reasonable accommodation based on medical reasons or a religious belief that prevents them from being vaccinated.
Required Certification:
GCFA, GNFA, GREM, CCE, CCSP, CCNP Security, AWS Certified Security, Microsoft Certified: Azure Security Engineer Associate, or a related certification.
Education and/or Experience:
College Degree in Cyber Security or Information Technology or equivalent work experience.
Bonus Skills:
Experience with Elasticsearch, Logstash and Kibana (ELK) or Splunk.
Experience installing and configuring network taps and SPAN ports.
Ability to write and understand complex regular expressions (PCRE).
Skilled in using Endpoint Detection and Response (EDR) tools (e.g. FireEye, Carbon Black, Cylance, CrowdStrike) and Network Detection and Response (NDR) tools (e.g. Cisco Stealthwatch, Fidelis Elevate, Gigamon ThreatInsight).
Knowledge of evidence handling (chain of custody).
Malware reverse engineering skills.