Job Description

Summary
===========================


Responsible for hunting, detecting and responding to digital security threats. Demonstrates technical leadership abilities and strong comprehension of malware, emerging threats and calculating risk.
===================

Essential Responsibilities:

• Specialize in network-centric analysis (NSM), host-centric analysis (live response, digital forensics), malware analysis, and log-centric analysis (SIEM)
• Curate signatures, tune systems/tools, develop scripts and correlation rules
• Uses a hypothesis-driven approach and behavioral analysis to uncover connections and correlations between potential cyber threats.
• Analyze host and network forensic artifacts and identify patterns and behaviors related to threat actors
• Mentor and train incident responder and incident responder specialists
Required Qualifications :
Bachelor's Degree in Computer Science or "STEM" Majors (Science, Technology, Engineering and Math) with advanced experience.

Desired Characteristics:

• Detailed understanding of CND-based analytical models (Kill Chain, ATT&CK, Pyramid of Pain, etc.)
• Detailed understanding of APT, Cyber Crime and other associated tactics
• Practical experience in host forensics and network analysis techniques and tools
• Practical experience with malware and reverse engineering
• Practical experience responding to threats in cloud platforms (AWS, Azure, Google, etc.)
• Practical experience writing behavioral and static detections
• Expertise in at least two areas of discipline (Host, Network, Email, Cloud, Identity, Application, Malware)
• Excellent verbal and written communication skills
• Excellent organizational and analytical skills
• Detail oriented with the ability to multi-task and prioritize efforts
• CISSP, CISM or related SANs or Industry certifications
• Ability to collaborate in a team environment
• Foundational cyber skills: Networking (TCP/IP, UDP, Routing); Applications (HTTP, SMTP, DNS, FTP, SSH, etc..); Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.); System/Application vulnerabilities and exploitation; Operating systems (Windows, •Nix, and Mac), Cloud technology (SaaS, IaaS, PaaS), and malware or behaviors exploiting these systems