Job Type: Hybrid (3 days on-site)
MANDATORY SKILLS/EXPERIENCE:
- Minimum 4 years of experience in Threat Management/SOC/Incident Response environment performing security event and incident detection and handling in an operational environment.
- Excellent verbal and written communication skills.
- Previous experience working as a part of an IT Security team.
- Formal education in Computer Science, Computer Engineering or a similar field, or equivalent experience.
- Incident response experience responding to advanced adversaries.
- Active knowledge of current trends in computer security, software/hardware vulnerabilities.
- Active interest in current security research.
- Ability to work as part of a CERT which may require rotational weekday/weekend on-call coverage.
- Strong sense of teamwork, an inquisitive mind, and the desire to share knowledge.
- Ability to understand and implement technical vulnerability corrections.
- Experience in web application security assessment and/or penetration testing.
- Experience with hybrid cloud environments.
- Experience conducting static and dynamic malware analysis.
- Experience with automation and scripting (Python, PowerShell, etc.).
- Understanding of intrusion analysis.
- Knowledge of multiple operating systems internals (Windows, Linux, OS X).
- Knowledge of host and network forensics.
- At least one of the following industry certifications:
  - SANS GIAC: GCIA, GCIH, GCFA, GCFE, GNFA, GREM, GPEN, GWAPT, GXPN, GDAT
  - Offensive Security: OSCP
SCOPE OF SERVICES:
- Perform incident response across different operational environments, working with various teams, and serve as the escalation point for high-profile cybersecurity incidents.
- Engage in malware analysis, digital forensics, and campaign assessments, and harmonize response activities among the client, City departments, and state, federal, and private partners.
- Work with cyber intelligence teams to identify new cyber threats and campaigns and proactively deploy countermeasures.
- Prioritize incident response activities and coordinate response efforts among City departments and external partners.
- Investigate cybersecurity incidents through log, file, and malware analysis.
- Perform memory, network, and host forensics.
- Devise appropriate remediation strategies and assist affected City agencies in containing, eradicating, and recovering from cybersecurity incidents.
- Develop post-incident action plans to improve Mean Time to Detect and Mean Time to Respond.
- Maintain knowledge of current cyber threat campaigns and tradecraft.
- Conduct proactive threat hunting to identify, counter, and recover from advanced adversaries.
- Design, build and enhance cyber-incident detection tools and capabilities.
- Participate in on-call rotation.