Incident Responder (IR) Senior Cyber Security Engineer

September 12, 2022

Job Description

• Execute the incident response process according to the incident response standard operating procedures while providing recommendations and guidance to customers
• Provide subject matter insight to clients about industry threat intelligence by developing advisories and maintaining a deep awareness and understanding of the evolving threat landscape
• Perform threat hunting to proactively identify attacks within customer networks by developing procedures and using existing tools
• Conduct research and continuously improve tools, methodologies, and techniques
• Serve as a subject matter expert for other consultants/teams and regularly collaborate and contribute to increasing the knowledge level of the group
• Demonstrate capability to map technical findings to business impacts and communicate those in a manner that is understandable by a non-technical audience
• Act as a point of escalation for critical security events and incidents and to OBRELA’s CSIRT team for escalation and remediation
• Take part in regular blue/purple team exercises and CTF events

Requirements

• Be able to clearly communicate the Incident Response Lifecycle and the Attack Life Cycle (Kill Chain)
• Specialize in host-centric analysis of Windows and Linux systems utilizing forensic tools
• Familiar with network forensic analysis, with a good understanding of network protocols
• Understanding of different attack techniques and tactics to provide custom detection, containment, and remediation plans for customers
• Programming/Scripting (Python, PowerShell, Bash etc.)
• Proactively seek adversaries on customer networks using a variety of tools and techniques
• Bachelor’s degree in Computer Science or a related technical degree; or equivalent industry experience
• Be a team player and regularly collaborate and contribute to increasing the knowledge level of the group
• Ability to write technical documents in a clear and concise manner
• Ability to travel abroad and remain on the customer site until full incident recovery