Description
Role DefinitionThis a technical incident response role whose primary focus is investigating the root cause of a given ransomware or BEC intrusion and communicating the subsequent findings to the respective insured/client. As part of this undertaking, you will be joining a team of leading IR industry professionals who are responding to novel and complex threat campaigns, at scale, and across the globe. Furthermore, you will be supported by a wider team of experts who will manage the interface with the insured/client and coordinate the associated technical containment and recovery activities.
Key responsibilities & accountabilities
- Conduct host, network, and application forensic investigations to identify Indicators of Compromise (IOCs) and determine the subsequent root cause of a given cyber incident.
- Ascertain the extent of a respective compromise, detail attributes of any related threat actor tooling and malware, and if possible, determine if any data was exfiltrated.
- If required, author comprehensible forensic findings reports that detail the attack timeline from initial intrusion through to final objective, and provide corresponding recommendations as appropriate.
- Maintain expert knowledge of forensic tools, industry best practices, and associated threat actors Tools, Techniques, and Procedures (TTPs).
- Extol the core values and culture, whilst championing integrity, accuracy, and quality of organizations Response offerings.
Essential skills, knowledge, and experience
- At least 3 - 5 years' experience in undertaking network and host forensic investigations.
- Demonstrable detailed understanding of Windows OS and network protocols.
- Experience analysing electronic media, packet capture, log data, and network devices