ideally in large enterprise environments. You will have proficiency with leading EDR tools as well as familiarity with forensic analysis tools such as X-Ways, EnCase Forensic or FTK and live response analysis.
Furthermore, familiarity with Windows and Linux enterprise environments and systems such as Active Directory, Exchange, FWs, IPS / IDS, SIEMs, etc. is preferred. Excellent written and verbal communication skills are required.
When not responding to breaches, you will conduct enterprise threat hunting, help clients develop incident response plans, facilitate tabletop and purple team exercises as well as provide other strategic security services related to incident response.
Security Consulting Skills :
Understanding of information security governance concepts, including familiarity with elements of cyber security incident response plans, incident response management, and the incident response lifecycle.
Ability to gauge the maturity level of an organization's incident response program by applying industry best practices, while being cognizant of the organization's industry, size, budget, and threat profile.
Accurately assess and evaluate the client's needs, propose an appropriate and applicable service, and clearly communicate the solution to the customer.
A strong understanding of attacker methodologies, the attack lifecycle, the Cyber Kill Chain, etc.
Strong technical writing ability.
Capable of working independently as well as providing leadership on internal projects and client engagements.
Strong ability to communicate with customers of varying technical levels.
Forensic Analysis & Incident Response Skills :
Ability to forensically analyze both Windows & Unix systems for evidence of compromise.
Proficiency with industry standard forensic tools such as EnCase, FTK, X-Ways, Sleuthkit.
Experience performing log analysis locally and via a SIEM / log aggregation tool.
Experience hunting threat actors in large enterprise networks.
Familiarity with leading Endpoint Detection & Response (EDR) tools.
Ability to analyze and / or decipher packet captures from network protocol analyzers (Wireshark, TCPdump, etc).
Demonstrated understanding of common applications used in Windows and Linux enterprise environments.
Familiarity with Active Directory, Exchange and Office365 applications and logs.
Familiarity with the tools and techniques required to analyze & reverse diverse protocols and data traversing a network environment.
Experience writing cohesive reports for both technical and non-technical audiences.