Cyber Security Incident Response

**Role Overview**:
Cybersense Advanced Cyber Threat Services team is looking for a technical, passionate

pragmatic information security professional with vast Emergency

Incident Response/Cybersecurity experience to be part of our Emergency Incident Response

team. You must be a strong leader/Snr with excellent people and management skills with ability

to take ownership of assignments and execute with speed and accuracy. You also need to able

to work beyond normal business hours and willing to travel locally and/or internationally if

needed. Previous consultative experience is a must.
- Lead Emergency Incident Response (EIR) engagements and guide clients through a variety of incidents (i.e., breaches, malware/virus outbreaks, security incidents, and forensics investigations). Provide guidance on tactical and strategic response and remediation recommendations.
- Excellent verbal and written communication skills
- Ability to handle stressful situations and think on your feet
- Perform live response, malware analysis, volatile data collection and analysis on hosts and/or network data.
- Correlate and analyze Windows, Linux to identify Indicators of Compromise (IOCs).
- Strong in Network Forensics (TCP/IP networking) /Traffic analysis, Digital Forensics
- Ability to examine firewall, web, database, and other log sources to identify evidence of malicious activity
- Leveraging various forensics tools including Encase, FTK, X-Ways, SIFT/ open source, Splunk, and other tools to determine source of compromises and/or malicious activity that occurred in client environments.
- Display an understanding of security best practices, security gap assessments, penetration testing / Cyber Kill Chain, NIST etc.
- Perform vulnerability assessments to identify security issues in client environments.
- Have performed SOC assessments and other proactive services (TableTops/Purple Teaming etc)
- Experience or familiarity programming in at least one of the following: Python, Powershell, Bash, Shell Script, Batch, VBscript would be beneficial
- Deliver professional consulting services across Professional Services portfolio and ability to manage multiple deliverables simultaneously, if and when required
- Able to learn and collaborate from our close-knit group as well as contributing your thoughts, tools, industry news or lessons learned.
- Ability to speak with C-Level and management personnel about the engagement or service provided
- Travel requirements around 25%, also if required.

**Additional Experience Desired**:

- Experienced in managing large and complex client environments and meet their business requirements by evaluating their security controls, architecture and operations against industry best practices
- Assess and develop risk management/mitigation controls and strategies via technical testing and conducting risk assessments and develop actionable remediation guidance.
- Have performed IR/SOC Gap Assessments and Development
- Basic understanding of the customers’ product suites to be able to intelligently discuss with clients how the Foundstone Services can support and be supported by technology and solutions at a highly level.
- Understanding in development of engagement scoping and proposals and making customer presentations

**Typical Minimums**:

- Bachelor/Master’s degree from an accredited college in a related discipline, or equivalent experience/combined education,
- min 5-10years of consultative experience/IR/forensic, security experience, and as above.
- One or more of the following technical certifications or equivalents: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or similar