Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? Arete Incident Response seeks Incident Response Consultants with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their Incident Response, forensics, log analysis, and malware triage skills to solve complex intrusion cases at organizations around the world. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.
- Conduct Incident Response investigations in organizations ranging from SMBs to Fortune 100 size enterprises
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
- Conduct SOC and CERT monitoring and analysis using: SIEM tools such as ArcSight and AlienVault; data analytic tools such as Splunk and the ELK Stack; network modeling tools such as RedSeal and Skybox; malware tools such as Cylance and SentinelOne; APT network-based detection and mitigation tools such as Fidelis and FireEye; and network management tools such as SolarWinds.
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
- Build scripts, tools, or methodologies to enhance incident investigation processes.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Work with network security and IT operations at clients to implement containment and eradication actions and remediation measures in response to incidents.
- Assist with scoping prospective engagements, participate in investigations from kickoff through remediation, and mentor less experienced staff.
- Bachelor’s degree in a technical field
- Minimum 2-5 years of experience; minimum 6 years of experience if no degree
- Must be eligible to work in the US without sponsorship
- Technical expertise in at least three of the following areas:
  - SOC & CERT Operations Tier 1-3
  - Network Security Monitoring (NSM), network traffic analysis, and log analysis
  - Forensic imaging including chain of custody
  - Windows and Unix disk and memory forensics
  - Penetration Testing / Vulnerability Scanning
  - Static and dynamic malware analysis
- Applied knowledge in at least one scripting or development language (such as Python)
- Thorough understanding of enterprise security controls in Active Directory / Windows environments
- Experience with hands-on penetration testing against Windows, Unix, or web application targets
- Must pass drug screening and background check
- Willingness to travel (up to 50%)
- Ability to successfully interface with both internal and external clients
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance own time among multiple tasks, and lead junior staff when required
- Eligibility for a Top Secret Security Clearance is a plus
- Ability to multitask in an extremely chaotic, fast-paced environment while providing SME-level technical and programmatic leadership and managing customer expectations