Incident Response Consultant 3

What You Will Do

• Perform in-depth forensic analysis of systems
• Acquire full disk and triage images of Windows, Mac, and Linux systems for investigation
• Investigate customer networks for suspicious and malicious activity
• Leverage tools such as XDR to perform large-scale threat hunts
• Identify systems of interest related to ongoing investigations
• Maintain detailed and accurate documentation, including meeting notes and investigative findings
• Document IOCs and contribute to the development of threat intelligence
• Collect sample files from customer devices as part of incident investigations
• Conduct searches through OSINT sources
• Log work hours accurately for each customer engagement
• Complete assigned training and development programs as directed by the Team Lead

What You Will Bring

• 3+ years of experience in Incident Response or a related role
• Excellent understanding of Windows logs and forensic artifacts
• Strong understanding of hypervisors and virtualization
• Experience in conducting full disk and triage image acquisition
• Working knowledge of mapping adversary behavior to the MITRE ATT&CK framework
• Demonstrated experience working with common open-source forensic utilities
• Passion for cyber security, incident response, and digital forensics
• A desire for continuous learning
• Strong written communication skills
• A team-player attitude with a willingness to share knowledge
• Ability to work some weekends and holidays
• Experience leading BEC investigations
• Post-secondary education in Cybersecurity, or comparable
• Cybersecurity certifications is a plus (e.g. CompTIA CySA+, GCFE, GCIH, or similar)
• Experience with SIEM technology is a plus (e.g. Splunk, ELK, etc.)
• Willingness to work occasional overtime during peak times or holidays
• Experience writing SQL queries is a plus
• Experience writing PowerShell, Python, or Bash scripts is a plus