Senior Incident Response Handler

NOTE: Interviewing candidates located in Charlotte, NC and Washington, DC.


Duties/Responsibilities
This individual will report directly to the Commercial Practice Managing Director and will be expected to engage with clients, information security partners, technology components, business elements, and senior management. This is a hands on role requiring current, effective, and advanced technical skills surrounding incident response, threat hunting, and security engineering.
 
Responsibilities will include:
 
·      Serving as a senior-level Incident Responder, aiding Fortalice clients in responding to and recovering from sensitive incidents
·      Acquiring or collecting computer artifacts, including malware, user activity, and log files
·      Triaging electronic devices and correlating forensic findings with network events to further develop an intrusion narrative
·      Performing incident triage from a forensic perspective, including determination of scope, urgency, and potential impact
·      Providing threat analyses, mitigation/countermeasure recommendations, after-action reports, summaries, and other situational awareness information in areas such as: Perimeter Defense; Malicious Software Analysis; Attack Vector Analysis; Computer Network Defense; Incident Handling; Risk Analysis and Readiness; Strategic Planning Analysis
·      Working closely with Fortalice leadership to ensure that this service offering aligns with the mission and goals of Fortalice as we scale and grow
·      Demonstrating expertise in producing and leading the development of reports and briefings for senior client executives based on defined engagements
 
Preferred Additional Qualifications
·      Hands on experience with application of the MITRE ATT&CK Framework from a detection and prevention perspective
·      Hands on Experience with Open Source threat hunting tools (ELK Stack - Elasticsearch, Logstash, Kibana)
·      Hands on experience with malware reverse engineering
 
Certifications such as: GREM, GCFA, GNFA, GCFE, OSCP, or related training
 
 
Required Qualifications

Bachelor’s Degree in Computer Science, Networking, Cybersecurity or related technical field

Five years of hands on experience in the following areas:
·      Enterprise firewall administration including installation, maintenance, and rule management
·      Windows server and workstation hardening through configuration and host-based security software (e.g. host-based firewalls, antimalware, application whitelisting)
·      Network architecture and segmentation analysis and knowledge of networking concepts such as VLANs, routing, and encrypted tunnels
·      Administration of centralized logging tools and/or Security Information and Event Management systems (SIEMs)
 
Preferred Qualifications
Technical
·      Demonstrated experience serving as technical expert and liaison to customer and stakeholders up to and including Board level
·      Ability to distill analytic findings into executive summaries and in-depth technical reports, including recognizing and codifying attacker tools, tactics, and procedures in indicators of compromise (IOCs).
·      Ability to utilize timestamps and logs (host and network) to develop authoritative timelines of activity
·      Experience sifting through the following types of technologies for evidence:
o   Windows disk and memory forensics
o   Network Security Monitoring (NSM), network traffic analysis, and log analysis
o   Unix or Linux disk and memory forensics
o   Static and dynamic malware analysis
·      Applied knowledge in at least one scripting or development language (such as Python) to build scripts, tools, or methodologies to enhance incident investigation
·      Thorough understanding of enterprise security controls in Active Directory / Windows environments
·      Deep understanding of cybersecurity and the relationship between threat, vulnerability and information value in the context of risk management.
·      Strong proficiency with common cybersecurity management frameworks and industry leading practices.
·      Ability to provide expert advice in the development of SOWs and associated LOEs
·      Experience with cybersecurity governance, risk and compliance functions, threat modeling, identity and access management and cybersecurity operations.
·      Demonstrated adherence to proper evidence handling procedures and chain of custody protocols
 
Leadership and Communications
·      Ability to communicate effectively, in both written and verbal forms.
·      Experience working directly with customers to examine business needs and solve complex security matters; ability to communicate technical security information in a straightforward and client-friendly form.
·      Experience presenting results of assessments, findings, and other project information to clients with professional presentation skills and demeanor
