Austin; Remote; Virtual, Texas, United States
Our Client's Security Operations Center Senior Cybersecurity Forensic Analyst is a senior-level technical analyst who is relied upon to conduct extensive system forensics as part of cybersecurity incident response investigations. The SOC Senior Cybersecurity Forensic Analyst serves as a subject matter expert within an incident response team, conducting forensic examinations of systems to deconstruct cybersecurity attacks in support of the company's customers.
The response process includes iterative analysis so that the incident response team can manage and accomplish effective containment, mitigation and recovery, and so that the initial attack vectors, the tactics and tools used, the scope of the attack, and the extent of compromise are determined as fully as possible.
This role is authorized to work remotely and may require up to 10% travel to client locations generally within the domestic United States.
• Conduct investigative analysis for complex security incidents and attacks within an incident response team.
• Communicate findings, assumptions and theories effectively to assist in the incident response process.
• Serve as an escalation resource and mentor for SOC analysts for advanced analysis.
• Conduct data/evidence gathering, documentation and handler activities during incidents and investigations ensuring sound forensic practices.
• Assist in threat hunting activities in client networks through proactive analysis of log, network and system data including system image analysis to identify threats during active incident response and ensure mitigation measures are effective.
• Provide sound technical recommendations that help enable remediation of security issues.
• Identify and incorporate applicable indicators of compromise (IOCs) and cybersecurity threat intelligence to aid in the investigation and mitigation of cybersecurity attacks.
• Support customer IT administrators and cybersecurity personnel to ensure successful incident response practices and business system recovery.
• Provide recommendations for improvements to internal SOC processes and procedures based on experience and operational insight to ensure consistency between incident response team members and other Incident Response Teams.
Required Managerial and Interpersonal Skills and Qualifications:
• Capable of working independently, establishing priorities and managing task completion within deadlines that are responsive to client needs and urgency of incident response requirements.
• Able to communicate effectively through writing, speaking, and presenting to customers and fellow team members.
• Team player capable of productively contributing to the company's mission by supporting fellow teammates and clients in a dynamic, growing and changing environment.
Essential Technical Experience and Knowledge Skills:
• Expert knowledge in network traffic analysis, threat detection, and advanced threat tactics, techniques and procedures (TTPs).
• Expert knowledge of forensic analysis tools such as AccessData Forensic Toolkit (FTK) and X-Ways Forensics and Investigator, or similar system forensic software.
• Experience in cybersecurity event analysis, intrusion detection, and security operations.
• Experience creating advanced and detailed queries, such as regular expressions, for log, event and correlation analysis.
• Experience with Security Information and Event Management (SIEM) systems, including analysis and incident workflow development processes.
• Experience with a broad array of cybersecurity tools and technologies with the ability to navigate management consoles to extract necessary investigative information as well as to assist in the configuration to enable detection and prevention as part of the response process.
• Broad knowledge and experience with varieties of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems.
• Knowledge of cloud technologies and email systems necessary to conduct analysis of cybersecurity attacks in a variety of environments and platforms.
Additional Background and Experience Requirements:
• Well-qualified candidates will possess an industry certification such as CISSP, GCIH, GMON, GCIA, OSCP, CEH or other recognized credentials.
• Must be able to complete pre-employment screening, State of Texas background investigation, and be capable of obtaining a US Government Secret level clearance.
Preferred Skills and Qualifications:
• Computer Science or related 4-year degree.
• Experience with the identification and analysis of vulnerabilities and attacker exploit techniques.
• Experience training and mentoring others on advanced technical topics such as log and traffic analysis and intrusion detection.
• Experience with quickly learning and understanding complex environments, independently reaching stretch goals, and continually improving knowledge and capabilities.
• Experience taking on complex and difficult problems, formulating a path forward, and executing steps that demonstrate meaningful progress.