Associate Principal, Response Operations

In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.

Kroll’s Cyber Risk team works on over 2,000 cases a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we help protect our client’s data, people, operations and reputation with innovative assessments, investigations, and intelligence. We are the only company in the world with the expertise and resources to deliver global, end-to-end cyber risk management, supporting organizations through every step of their journey toward cyber resilience.

Clients count on us for quick and expert support in the event of and in preparation against a cyber incident; from incident response to risk assessments, and complex forensics to breach notification and ID theft remediation we help clients – of all sizes – respond with confidence.

At Kroll, your work will help deliver clarity to our clients’ most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll.

Day to Day RESPONSIBILITIES:

We are looking for bright, motivated, and inquisitive minds to join our Kroll Responder monitoring and response team who are experienced in and passionate about modern cyber threat hunting and active response. Our Associate Principals use leading endpoint detection and response tools to rapidly identify, investigate, and respond to threats and threat actors impacting systems and networks around the globe every day.

• Perform ongoing threat hunting, analysis, containment, and remediation of threats identified through advanced endpoint detection and response (EDR), endpoint prevention (EPP), SIEM, and related security tools.
• Collect and review relevant forensic artifacts to identify root cause and understand nature of threats.
• Develop and communicate written and verbal threat reports associated with events to customers.
• Assist in ongoing research, development, and testing of enhanced threat detection and response tools, techniques, and indicators.
• Support incident engagement teams with active intrusion detection and response tasks.
• Conduct threat research, forensic analysis, and basic malware analysis of threats.
• Actively participate in related client meetings and teleconferences.
• Assist clients with questions regarding threat detections, EDR tools, deployment, and maintenance.

Essential Traits

• Bachelor’s degree or higher in Computer Science, Cyber Security, Computer Engineering, or similar technical degree.
• Minimum 5 years’ experience in threat hunting, detection, and response or equivalent experience.
• Ability to respond rapidly, multi-task, and communicate effectively both verbally and in writing with customers, team members, and engagement managers.
• Highly motivated, tenacious, assertive problem solver with a desire to analyze root cause and reach effective conclusions to active intrusions and incidents on an ongoing basis both individually and as part of larger response teams.
• Solid understanding of Windows operating system fundamentals, architecture (File System, registry, processes, binaries, DLL’s, etc.) and administration concepts. Similar understanding of MacOS and/or Linux a plus.
• Prior experience actively using endpoint threat detection and response (EDR) products to investigate threats such as SentinelOne, Crowdstrike Falcon, VMWare Carbon Black, Microsoft Defender for Endpoint, Cortex XDR, Trend Micro XDR, or others.
• Understanding of common threat actor techniques, malware behavior and persistence mechanisms.
• Working knowledge of various scripting languages and tools (PowerShell, Python, VB, Yara)
• Working knowledge of TCP/IP and related networking concepts.
• Prior experience using Splunk or other SIEM solutions, intrusion detection solutions, or related security products.
• Relevant cyber security certifications including CISSP, GCIA, GCIH, GCFA, GMON, or GREM a plus.
• Excellent written and verbal communication skills
• Availability for occasional after-hours, weekends, and/or holiday work in response to active incidents.

In order to be considered for a position, you must formally apply via careers.kroll.com.

Kroll is committed to creating an inclusive work environment. We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.

#LI-TM1

#LI-Remote