Information Security Consultant II
Beacon Hill Staffing Group
Key Responsibilities:
- Collaborate with internal and customer teams to investigate and contain incidents.
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
- Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs).
- Build scripts, tools, or methodologies to enhance Mandiant's incident investigation processes that can be applied to current and future investigations.
- As an active member of the team, monitor and process response for security events on a 24x7 basis.
- Analyze attack vectors and methods to develop custom Splunk ES SIEM signatures or detections
- Provide and implement recommendations to improve Splunk ES detections
- Lead the SOC's incident response team threat hunting and incident response activities
- Lead Postmortem exercises post incidents with a focus to identify deficiencies requiring additional attention.
- Analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Email Security, Cloud Security, and other security threat data sources.
- Oversee the collection, preservation, and analysis of electronic data and metadata in response to litigation, regulatory inquiries, and internal investigations.
- Collaborate and communicate with the Law Department and Global Security teams to understand case requirements and provide guidance on e-discovery and digital forensics matters.
- Conduct data collection from U.S.-based - and, in some cases, internationally-based - digital devices, including computers, mobile devices, and cloud-based, and network systems; deduplicate and import said data into Relativity or other e-discovery review platform.
- Develop and implement e-discovery strategies and workflows to ensure efficient and defensible processes.
- Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, Public Cloud, and networking, to offer global solutions for a complex heterogeneous environment.
- Provide or facilitate the forensics analysis of security events.
- Stay current with industry trends, tools, and best practices in digital forensics and e-discovery.
- Support 24/7 operations
- Work non-standard hours including nights, weekends, and holidays
- Perform other duties as assigned
Skills and Qualifications:
- Strong knowledge of network, backend systems, operating systems, applications, and web services in a manner that allows for the interaction of all as it relates to security and services.
- 5+ Years as a Senior incident responder/leader of incident response, digital forensics and e-discovery
- Experience configuring custom Splunk searches and applications required
- Experience with analyzing attack vectors and methods in order to develop Splunk ES SIEM signatures or detections
- Ability to apply analytical expertise and critical thinking to security incidents
- Ability to assimilate, understand and utilize various security technologies
- Ability to collaborate within a geographically distributed team of Incident Response Analysts
- Demonstrated team or functional leadership experience
- Experience processing and analyzing intelligence in support of management decision making
- Current Information Security related certification preferred.
- Current Public cloud related certification preferred.
- Knowledge of relevant information security and incident response frameworks such as ISO 27001, NIST SP 800-61, NIST Cyber Security Framework, MITRE ATT&CK Framework.
Licenses/Certifications:
- CISSP Certified Information Systems Security Professional
- Certified Ethical Hacker (CEH)
- CompTIA Network+ Certification
- CompTIA Security+ Certification