Incident Response Lead

About the role

Responsibilities

• Drive incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
• Coordinate and guide incident response assistance from team members and vendors
• Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity.
• Lead proactive cybersecurity advisory and consulting engagements such as:
  • Tabletop Exercises: lead and facilitate tabletop exercises designed to simulate real-world cyber incidents, helping clients enhance their incident response preparedness and resilience.
  • Assessments: conduct comprehensive cybersecurity assessments to evaluate clients' security postures, identify vulnerabilities, and provide actionable recommendations for improvement.
  • Documentation Reviews: evaluate and refine clients' incident response plans, policies, and procedures to ensure they align with industry best practices and regulatory requirements.
• Strategic Guidance and Client Engagement:
  • Advisory Role: Provide strategic guidance to clients on enhancing their security architectures, cloud security strategies, and compliance frameworks such as NIST, HIPAA, and PCI.
  • Long-Term Remediation: Beyond immediate incident containment, collaborate with clients to develop and implement longer-term remediation strategies to strengthen their security postures.
  • Process Enhancement: Contribute to the refinement and improvement of internal processes, methodologies, and service offerings based on your consulting insights and industry expertise.
• Provide case reporting as required across internal and external audiences with the appropriate technical level of detail for threat researchers and/or business customers.
• Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements.
• Provide recommendations on solutions to help customers navigate information security risk.
• Track emerging security practices and contribute to building internal processes, and our various products.
• Stay abreast of the current regulatory environment, industry trends and related implications.

Skills and Qualifications

• Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects.
• Minimum of 5+ years of incident response or digital forensics experience.
• Demonstrated practiced knowledge of the lifecycle of network threats, attacks, attack vectors, and methods of exploitation with a knowledge of intrusion set tactics, techniques, and procedures.
• Consultative Approach: Ability to effectively communicate complex technical concepts to non-technical stakeholders and provide actionable recommendations.
• Analytical Skills: Proficiency in analyzing security programs, technologies, and environments to identify gaps and recommend enhancements.
• Regulatory Knowledge: Familiarity with regulatory requirements and frameworks (e.g., NIST, HIPAA, PCI) is essential for advising clients on compliance issues.
• Project Management: Experience managing multiple projects simultaneously, from initial scoping through to final deliverables, ensuring high-quality results and client satisfaction.
• Knowledge of TCP/IP Protocols, network assessment and network/security applications, including log and network traffic capture assessment.
• Experience with Velociraptor, Axiom, FTK, SIFT, Volatility, ELK, WireShark, Plaso, Skadi or other open source forensic/log analysis/network assessment tools.
• Experience with EDR tools like CrowdStrike Falcon, Carbon Black, Sentinel One, etc.
• Knowledge of industry standard frameworks – NIST, HIPAA, PCI.
• Self-motivated; entrepreneurial spirit; comfortable working in a , dynamic environment.
• Strong interactive communication skills (verbal & written).
• Aptitude to learn technical concepts/terms, and aptitude to guide multiple tasks/projects simultaneously.
• Experience deploying tools to AWS and familiarity using Cloud based platform for assessment.

Bonus Points

• Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
• Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.).
• Experience with system hardening procedures for Windows, Linux, Unix is helpful.Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, or other offensive tools is helpful.
• Knowledge of scripting for development of security tools and industry frameworks is helpful.
• SCADA/Control systems network experience is a plus.