Location: Houston, TX
Description: Our client is currently seeking a Forensic and Incident Response Lead
This job will have the following responsibilities:
- Work across SOC, Cyber Threat Intelligence, Red Team, Engineering Team and others to bring together a holistic view of incidents
- Conduct investigations on high-priority incidents, including host (disk and memory) forensics, network forensics and log analysis
- Conduct advanced threat hunting using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment
- Support insider threat investigations through the use of innovative techniques and use cases
- When not actively responding to incidents, other key items within the role include developing documentation and processes such as playbooks, refining your skills through training opportunities, and identifying and enhancing the capabilities of the team by developing opportunities for automation (i.e. custom scripts and tool integration)
- You will lead and coordinate the response to digital security incidents through the initial triage phase and provide support to business and IT teams as they work to close identified gaps.
- This involves ensuring that threats are contained in a timely way to minimize the risk to information assets, data and services.
- You will also participate in post-incident reviews assessing the effectiveness of controls, monitoring and responses to maximize lessons learnt and improve cyber resilience.
Qualifications & Requirements:
- Experience with attacker tactics, techniques and procedures (TTPs)
- Knowledge of both Windows and Linux operating systems in regard to host-based forensics and analysis
- Knowledge of cloud platforms such as AWS and Azure
- Experience with many different types of log sources, such as firewall, web and database logs, to identify evidence, trends, patterns and artifacts of anomalous activity
- Understand network communications and protocols
- Ability to communicate effectively and document investigative findings in a clear and concise manner
- You'll have a degree or technical certification (SANS, Cyber Security, CISSP)
- Alternatively, you could have at least 3 years' direct working experience
- You will have significant relevant experience in cybersecurity, with a specialization in digital forensics and incident response
- You will have advanced technical knowledge and experience of delivering security solutions. This includes providing technical advice and overseeing security processes
This job and many more are available through The Judge Group. Find us on the web at www.judge.com