SOC Incident Responder

**Responsibilities**

Related activities include but are not limited to:

- Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments.
- Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
- Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models.
- Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
- Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.
- Document and present investigative findings for high profile events and other incidents of interest.
- Participate in readiness exercises such as purple team, table tops, etc.
- Train junior colleagues on relevant best practices.

**Qualifications**
- Stay current with the evolving landscape of threat activities and cybersecurity best practices.
- Quickly synthesize information from disparate sources.
- Scrutinize evidence thoroughly to identify relationships and develop leads.
- Establish defensible working theories to explain observations and findings.
- Perform investigations in a forensically sound manner.

A goal oriented individual contributor. Success will depend on your ability to:

- Stay motivated and work independently with mínimal oversight.
- Adapt to changing requirements in a fast paced environment.
- Multitask and meet deadlines despite competing priorities.
- Navigate operational impediments in order to complete time sensitive tasks.
- Identify and document any opportunities for process improvement.

A reliable team player. Success will depend on your ability to:

- Practice mutual respect at all times.
- Establish trust and build strong partnerships.
- Resolve conflict in a constructive manner and use as an opportunity to develop team unity.
- Prioritize collective success ahead of individual ambition.

A great communicator. Success will depend on your ability to:

- Establish clear narratives to describe investigative findings and working theories.
- Clearly and concisely articulate any recommendations that arise from investigative activities.
- Motivate colleagues and partners to cooperate and support as needed.
- Exert influence both verbally and in writing.

A passionate leader. Success will depend on your ability to:

- Lead by example.
- Enable team success by being approachable and available.
- Innovate and inspire others.
- Embrace challenges and approach any failures as opportunities for learning and improvement.

**Requirements and Critical Competencies**

**Education, knowledge, and Experience**:

- Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
- 3+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability.
- 1+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.

**Experience in Cloud Forensics/IR**
- Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services
- Prior experience with cloud common services
- Hands-on experience with forensic investigations or large scale incident response in cloud environments.
- Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics.
- Certifications (e.g. GIAC, AWS, etc) in cloud or demonstrated equivalent capability.

**Experience**in**Incident Response**
- Hands-on experience with analyzing and pivoting through large data sets
- Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.).
- Activities include but not limited to:

- Memory collection and analysis from various platforms
- Evidence preservation, following industry best practices.
- Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking)
- In-depth File system knowledge and analysis.
- In-depth experience with timeline analysis.
- In-depth experience with Registry, event, and other log file and artifact analysis.
- Hands-on experience with a DFIR toolset and related scripting
- Current expertise with an EDR system
- One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications.

**Experience in the following operating systems**:

- Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, comm