Senior Incident Response Expert

Sygnia is a top tier cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide. Sygnia works with companies to proactively build their cyber resilience and to respond and defeat attacks within their networks. It is the trusted advisor and cyber security service provider of IT and security teams, senior managements, and boards of top organizations worldwide, including Fortune 100 companies.

The company draws on top talent from the ranks of elite military technology units and from across the cyber industry and has some of the world's top talents in cyber security. Described by Forbes as a "cyber security delta force", it applies technological supremacy, digital combat experience, data analytics and a business-driven mindset to cyber security, enabling organizations to excel in the age of cyber.

Cyber threats are constantly growing in volume, velocity and sophistication. When an organization is confronted with an advanced attack, it needs the strongest capabilities on its side. In many cases, an incident response engagement is in fact a battle within a network. The operational art, experience focus and speed of Sygnia response teams can mean the difference between a minor blow and a devastating impact on performance and reputation of organizations.

Sygnia is looking for highly capable Senior Incident Response Expert. The role includes conducting in-depth forensic analysis, investigation and response to real-world cyber threats. A significant part of our investigations is performed onsite at the client location, in collaboration with the client's IT and security teams.

Main Responsibilities

• Take ownership in core IR effort or an entire workstream, and conduct complex IR tasks
• Technically lead small-scale investigations and small-scale proactive engagements
• Lead client communication on dedicated sessions and present reports
• Participate in ad-hoc scoping calls
• Lead publication efforts
• Participate and lead hiring interviews for IR experts, review home assignments
• Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.
• Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in client's networks; as well as security assessments and simulations.
• Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.
• Utilize and develop tools and methodologies to improve Sygnia's existing investigative and hunting technological stack.
• Collaborate with IT and Security teams during investigations.
• Generate and present a comprehensive and professional report of findings from investigations.

Main Requirements

• At least 5 years of a relevant experience .
• Bright, curious and determined team player, who strive for excellency.
• Problem solver, in-depth thinker with growth mindset.
• Demonstrated in-depth understanding of the life cycle of advanced security threats, attack vectors and variant methods of exploration.
• Deep technical understanding of network fundamentals and common Internet protocols.
• Solid understanding of system and security controls on at least two OSs (Windows, Linux / Unix and MacOS), including host-based forensics and experience with analyzing OS artifacts.
• Fluency with one or more scripting language (i.e. Python).
• Multidisciplinary knowledge and competencies, such as:
• Hands-on experience in data analysis (preferably network traffic or log analysis) in relevant data analysis and data science platforms (Jupyter, Splunk, pandas, SQL).
• Familiarity with cloud infrastructure, web application and servers, android and iOS mobile platforms.
• Experience with malware analysis and reverse engineering.
• Familiarity with enterprise SIEM platforms (e.g. Splunk, , ArcSight).
• Excellent communication and interpersonal skills. Fluent English, including the ability to document and explain technical information in a concise, understandable manner.
• Willing to travel abroad (~30% of the time).