Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? Arete Incident Response seeks Senior Incident Response Consultants with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their Incident Response, forensics, log analysis, and malware triage skills to solve complex intrusion cases at organizations around the world. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables
- Conduct Incident Response investigation in response to data breaches and security incidents leveraging security tools including: System Forensics tools such as Encase, Axiom, FTK Imager, X-Ways, SIFT; Data analytic tools including Splunk, ELK Stack; Security tools including ArcSight, AlienVault, NetWitness; Fidelis, FireEye, RedSeal, SkyBox, Cylance, Suricata, Solarwinds, Palo Alto, Cisco switches, routers and security appliances, as well as commercial, open source and custom proprietary investigation tools to determine source of compromises and malicious activity that occurred in client environments.
- Conduct SOC and CERT monitoring and analysis using: SIEM tools such as ArcSight and AlienVault; Data analytic tools such as Splunk and ELK Stack; Network Modeling tools such as RedSeal and Skybox; Malware tools such as Cylance and Sentinel One; APT network-based detection and mitigation tools such as Fidelis, FireEye; and Network management tools such as SolarWinds.
- Conduct security gap analysis assessments, penetration testing / red-team assessments, and vulnerability assessments to identify security vulnerabilities and issues in client environments.
- Conduct compliance audits and assessments for Sarbanes Oxley, PCI, ISO 27001, NIST 800-171, HIPAA/HITECH, GDPR and others as required.
- Assist with managing the full life-cycle of incident response engagements including: scoping work, guiding clients through the Incident Response process; containing security incidents involving sophisticated APT level actors; providing guidance on longer term remediation recommendations; and managing both short-term and long-term containment and remediation.
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
- Build scripts, tools, or methodologies to enhance incident investigation processes.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Work with network security and IT operations at clients to implement containment and eradication actions and remediation measures in response to incidents.
- Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentor less experienced staff.
- Mentor the team; especially the more “junior” level incident response consultants in incident response and forensics.
- Bachelor’s degree in a Computer Science, Computer Engineering, Information Assurance, Forensic Sciences, or related technical field; Graduate degree preferred.
- Minimum 3-5 years of experience; minimum 10 years of experience if no degree
- Must be eligible to work in the US without sponsorship
- Technical expertise in at least three of the following areas:
- SOC & CERT Operations Tier 1-3
- Network Security Monitoring (NSM), network traffic analysis, and log analysis
- Forensic imaging including chain of custody
- Windows and Unix disk and memory forensics
- Penetration Testing / Vulnerability Scanning
- Security Architect and Incident remediation
- Static and dynamic malware analysis
- Applied knowledge in at least one scripting or development language (such as Python)
- Thorough understanding of enterprise security controls in Active Directory / Windows environments
- Experience with hands-on penetration testing against Windows, Unix, or web application targets
- Must pass drug screening and background check
- Willingness to travel up to 50%
- Ability to successfully interface with both internal and external clients
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance own time among multiple tasks, and lead junior staff when required
- Eligibility for Top Secret Security Clearance is a plus
- Ability to multitask while in an extremely chaotic environment that moves at a rapid pace while providing SME level technical and programmatic leadership and managing customer expectations