Company Description
About CyberArk:
CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, X, Facebook or YouTube.
Job Description
What will you do:
CyberArk, the global leader in Identity Security, is looking for a skilled and passionate DFIR & Threat Hunting Researcher to join its Global Information Security Team. In this role, you will conduct digital forensics and threat-hunting activities across CyberArk's global network, endpoints, and cloud environments. You will also research and develop new methods and tools to enhance the detection and response capabilities of the CyberArk Information Security team.
- Digital Forensics and Incident Response (DFIR):
- Perform digital forensics analysis on various types of evidence, such as disk, memory, network, and cloud artifacts (AWS – advantage).
- Support incident response efforts by providing technical expertise, containment, eradication, and recovery guidance.
- Maintain and operate forensic tools and platforms, ensuring they are up-to-date and reliable.
- Document and report on forensic findings and recommendations, following the established procedures and standards.
- Threat Hunting:
- Proactively hunt for malicious activity and indicators of compromise across CyberArk's network, endpoints, and cloud environments using various data sources and analytical techniques.
- Develop and refine custom threat-hunting hypotheses, queries, and dashboards based on the latest threat intelligence and trends.
- Collaborate with the SOC team to validate, escalate, and respond to identified threats.
- Research and Development:
- Research emerging threats, attack vectors, threat actors, ATPs, security technologies and CyberArk products and share insights and best practices with the team and the broader security community.
- Develop and improve tools, scripts, correlation alerts and automation to enhance the SOC team's DFIR and threat-hunting capabilities.
LI-CR1
Qualifications
What you need to succeed:
- Proven (3+ years) experience in digital forensics and incident response, preferably in a tech company or a security consulting firm.
- Hands-on experience with industry standard forensic tools and platforms.
- Hands-on experience with threat hunting tools, query languages and platforms, such as ELK, Splunk, QRadar, KQL, SQL etc.
- Strong knowledge of network protocols, operating systems, malware analysis, and cloud security.
- Ability to automate tasks using a scripting language such as Python & JS.
- Excellent communication and interpersonal skills.
- Excellent proficiency in English, both written and verbal, is a must.
- Curious and creative mindset, with a passion for learning and solving complex problems.
- Ability to work independently and collaboratively in a fast-paced, dynamic environment and with a multi-region team.
How will you stand out from the crowd:
- GCFE, GCFA, GNFA, GCTI, OSCP, or equivalent.
Top Skills
What We Do
CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.
For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most.
With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 6,770 global businesses, including:
More than 50% of the Fortune 500
More than 35% of the Global 2000
CyberArk has offices in the U.S, Israel, U.K., Singapore, Australia, France, Germany, Italy, Japan, Netherlands and Turkey.