INCIDENT RESPONSE ANALYST COVER LETTER TEMPLATE

Published: Aug 29, 2025 - The Incident Response Analyst is responsible for detecting, monitoring, and analyzing security events to ensure rapid and effective response to potential threats. This role involves investigating incidents, executing response and postmortem exercises, and supporting the development and tuning of security tools such as SIEM, IDS, EDR, and DLP for accurate threat detection. The analyst also communicates findings to management, generates reports, and collaborates with security teams to strengthen defenses and maintain compliance with evolving cybersecurity standards.

An Introduction to Professional Skills and Functions for Incident Response Analyst with a Cover Letter

1. Expectations for Incident Response Analyst Cover Letter

  • Analyze the computing environment to detect, isolate, and remediate advanced cybersecurity threats.
  • Monitor and analyze security events, logs, and reports from various tools and technologies.
  • Provide first-level critical response for all information security-related incidents.
  • Administer technical controls, including SIEM, endpoint security, and content filtering systems.
  • Interpret threat intelligence data and make it actionable.
  • Record information security incidents within an incident tracking system.
  • Assist Information Security Engineers with testing of technical controls and vulnerability remediation.
  • Provide support and guidance to end-users.


Skills: Threat Analysis, Log Monitoring, Incident Response, SIEM Management, Endpoint Security, Threat Intelligence, Vulnerability Remediation, User Support

2. Competencies for Incident Response Analyst Cover Letter

  • Detect, document, and report potential or confirmed incidents and security issues.
  • Analyze events using Security Information and Event Management (SIEM) systems, Big Data Analytics, and other supporting platforms or applications.
  • Conduct incident handling actions in accordance with established procedures.
  • Staff, coordinate, and perform incident response investigations.
  • Conduct quality control of incidents and investigations to ensure compliance with applicable policies.
  • Develop recommendations to enhance detection capabilities and implement mitigation measures against attempted exploits, attacks, and malware delivery.
  • Design and integrate custom rules and reports within data collection platforms.
  • Prepare technical summaries and briefings.
  • Provide technical expertise regarding the defense of information systems and networks.
  • Correlate event data to create situational awareness and produce trend analysis reports.


Skills: Incident Detection, SIEM Analysis, Incident Handling, Response Coordination, Quality Control, Threat Mitigation, Custom Rule Design, Trend Reporting

3. Capabilities for Incident Response Analyst Cover Letter

  • Monitor security tools to identify threats and risks to the confidentiality, integrity, and availability of all Company applications, infrastructure, and data.
  • Create Incident Response Playbooks and develop Standard Operating Procedures (SOP).
  • Own an incident for its full lifecycle, including postmortem reviews and follow-up actions.
  • Assist in the development of security-related benchmarks and metrics.
  • Assist in the development of various security processes to enhance the overall security infrastructure as well as the overall Information Security Program.
  • Identify, evaluate, and implement practices to capture, model, and analyze IT infrastructure log data.
  • Participate in the selection and configuration of security solutions such as secure web gateways, CASBs, network intrusion detection/prevention, end-point security, and SIEM.
  • Remain current on emerging cybersecurity threats.


Skills: Threat Monitoring, Playbook Development, Incident Management, Security Metrics, Process Improvement, Log Analysis, Security Solutions, Cybersecurity Awareness

4. Performance Metrics for Incident Response Analyst Cover Letter

  • Serve as a senior member of the Global Incident Response Team.
  • Help command incident response activities across multiple global offices.
  • Work with teams to reduce and control the attack surface of a large multinational company.
  • Primarily engage in hunting and research activities when not leading response efforts to complex attacks against the organisation.
  • Execute incident response processes to respond to security threats and attacks.
  • Perform proactive threat hunting activities leveraging intelligence from multiple internal and external sources.
  • Create detection mechanisms and rules based on investigations owned by the Incident Response team.
  • Assist in the design, evaluation, and implementation of new security technologies, including deception technologies, cloud, and containerized environments.
  • Conduct incident response tabletop exercises and blue team scenarios globally to test and improve the organization’s security posture.


Skills: Incident Leadership, Global Coordination, Attack Surface Reduction, Threat Hunting, Response Execution, Detection Engineering, Security Technology, Tabletop Exercises

5. Key Deliverables for Incident Response Analyst Cover Letter

  • Monitor technical operations and actively participate in incident response activities using tools such as Nagios, New Relic, Grafana, Kibana, and Atlassian.
  • Engage proactively with IT teams to resolve and support service issues.
  • Manage communication streams, including stakeholder updates via Slack, Outlook, and Zoom.
  • Follow runbooks to resolve issues quickly.
  • Maintain and continuously update runbooks to enable faster incident response.
  • Navigate tools, systems, and applications to recognize, resolve, and report issues or anomalies.
  • Coordinate and share information or findings with IT teams daily.
  • Own and facilitate postmortem initiatives to improve organizational quality.
  • Escalate unresolved incidents and participate in the full incident management lifecycle.
  • Learn new systems and applications and demo them to the team as technology evolves.
  • Build and maintain strong relationships with internal teams.


Skills: Operations Monitoring, Incident Response, Service Support, Stakeholder Communication, Runbook Management, Issue Resolution, Postmortem Analysis, Team Collaboration

6. Outcomes for Incident Response Analyst Cover Letter

  • Monitor all operations, networks, and infrastructure for security issues and investigate incidents.
  • Quickly classify incidents and initiate the necessary course of action.
  • Monitor internal and external policies for compliance.
  • Develop security standards and best practices for the organization.
  • Plan and execute the organization’s Incident Response (IR) plan.
  • Create and direct the security information assurance program for the organization.
  • Support complex computer network exploitation and defense techniques, including deterring, identifying, and investigating intrusions.
  • Prepare reports documenting security incidents and the extent of damage caused.
  • Provide technical support for a comprehensive risk management program by identifying mission-critical processes and systems, current and projected threats, and system vulnerabilities.
  • Research the latest IT security trends.
  • Review logs to perform high-level forensics.
  • Drive lessons learned and remediation activities throughout the organization.
  • Recommend security enhancements to management or senior staff.


Skills: Security Monitoring, Incident Classification, Policy Compliance, Security Standards, Incident Response, Network Defense, Risk Management, Forensic Analysis

7. Key Performance Indicators (KPIs) for Senior Incident Response Analyst Cover Letter

  • Work alarms, cases, and incidents escalated from Level 1 SOC analysts by performing in-depth analysis and triage of threat activity.
  • Execute ITSM processes (Change, Request, Incident, Problem Management) on technical IT systems at the component level.
  • Perform threat hunting based on emerging IOCs or vulnerabilities.
  • Provide intermediate analysis, incident detection, and escalation to Level 3 Analysts or the CSIRT Manager using documented procedures.
  • Develop, refine, and maintain incident and alarm rules to improve detection operations.
  • Conduct detailed forensic examination and analysis of computers, hard drives, and digital media.
  • Perform forensic collections and searches for e-discovery and litigation matters.
  • Develop and refine operating procedures to improve the efficiency and effectiveness of incident response, e-discovery, internal investigations, intelligence, and penetration testing.
  • Execute activities to eliminate malware and advanced persistent threats during remediation events.
  • Execute project tasks designed to enhance CSIRT capabilities.


Skills: Threat Triage, ITSM Execution, Threat Hunting, Incident Escalation, Detection Engineering, Forensic Analysis, E-Discovery Support, Malware Remediation

8. Milestones for Incident Response Analyst Cover Letter

  • Analyze the financial impact of open bugs and flawed user experiences.
  • Manage the end-to-end Product and Engineering business response.
  • Create and maintain real-time monitoring on bug pathways.
  • Analyze data from bug pathways and incidents.
  • Be on call for business response and monitoring after business hours.
  • Create, present, and own the outcomes from incident response postmortems.
  • Partner and build strong relationships with cross-functional teams across Product, Engineering, Customer Experience, and Operations.
  • Develop strong hypotheses, independently solve problems, and identify customer pain points.
  • Own the continual development and maintenance of all playbooks related to identifying and responding to Engineering or Product incidents that cause suboptimal user experiences.
  • Investigate, validate, and escalate bugs using deep technical knowledge.
  • Contribute ideas for continuously improving systems and processes.
  • Create an exceptional, personalized service experience for users.
  • Provide friendly and timely support to drivers and passengers impacted by bugs.


Skills: Bug Impact Analysis, Incident Management, Real-Time Monitoring, Data Analysis, Postmortem Reporting, Cross-Functional Collaboration, Playbook Development, Customer Support

9. Criteria for Incident Response Analyst Cover Letter

  • Serve as the focal point for larger information security incidents, providing awareness and debriefing to senior management.
  • Manage time-sensitive incidents and investigations requiring follow-the-sun coordination.
  • Work closely with team members to test and document new monitoring tools and enhance existing incident handling procedures.
  • Collaborate with stakeholders to tune monitoring platforms and data sources for high-fidelity alert signals and risk scores.
  • Participate in cross-departmental tabletop exercises and conduct intra-team simulations.
  • Contribute to projects focused on operational improvements and tooling.
  • Coach team members on tools, techniques, and risk analysis of insider threat issues.
  • Engage with internal teams to draft, review, and edit case documentation.
  • Communicate technical report findings and recommendations internally and with clients, providing a high-level understanding of vulnerabilities, data exposure, and risks.
  • Assist in ongoing improvements to processes and tools, including research on current trends and issues in the field.


Skills: Incident Leadership, Global Coordination, Tool Testing, Alert Tuning, Tabletop Exercises, Process Improvement, Team Coaching, Risk Communication

10. Attributes for Security Incident Response Analyst Cover Letter

  • Focus on security monitoring, threat hunting, and incident response by leveraging intuition, security knowledge, and tools to uncover and respond to malicious activity.
  • Triage and investigate cybersecurity alerts.
  • Monitor and respond to alerts generated by enterprise security tools.
  • Follow established incident response processes to triage security events.
  • Triage issues escalated to the Cyber Defense team and ensure quick and appropriate follow-up actions.
  • Develop and tune cybersecurity alerts and dashboards.
  • Document and manage investigations and incidents in the Incident Management System.
  • Improve detection capabilities by building and enhancing alert rules and actively hunting for evidence of malicious activity.
  • Operate and maintain security tooling and platforms.
  • Develop and continually improve incident response playbooks to ensure efficient and effective analysis and response to security alerts.
  • Collaborate across teams to support cross-functional efforts.
  • Assist with forensic activities following security incidents.
  • Participate in the Incident Response on-call rotation.


Skills: Security Monitoring, Threat Hunting, Incident Response, Alert Triage, Detection Engineering, Forensic Support, Tool Management, Playbook Development

11. Standards for Incident Response Analyst Cover Letter

  • Act as an Incident Commander to facilitate high-severity incident triage.
  • Ensure high-severity incidents achieve the necessary cross-functional engagement to drive timely resolution.
  • Communicate clear updates to stakeholders on time.
  • Participate in the on-call rotation for the Incident Commander role during after-hours and weekends.
  • Review open incidents regularly and evaluate if Level 1 (Cloud SOC) and Level 2 (DevOps) teams are remediating incidents effectively and on time.
  • Drive the use of incident metrics and perform first-level analysis of incident data to gain insights into service performance and emerging issue patterns.
  • Run regular Incident Review meetings with Cloud Operations cross-functional teams.
  • Provide focus during meetings to maximize benefit and respect the time of cross-functional representatives.
  • Oversee Cloud Service Operation Center Level 1 engineer performance.
  • Serve as an escalation point for the Cloud Services Operation Center manager to investigate process or performance issues.


Skills: Incident Command, Crisis Management, Stakeholder Communication, On-Call Support, Incident Evaluation, Metrics Analysis, Review Facilitation, Performance Oversight

12. Scope of Work for Incident Response Analyst Cover Letter

  • Run post-incident debrief meetings to drive engagement with incident responders.
  • Analyze incidents using an interview-based approach to extract deep learnings and expand organizational knowledge.
  • Engage with cross-functional Engineering Teams to ensure timely completion of incident follow-up (forensic) activities as governed by internal processes.
  • Develop and implement data analyses, data collection methods, and strategies to optimize platform resiliency and quality.
  • Collaborate with Autodesk Engineering teams and leaders to recommend improvements based on analysis.
  • Periodically review the engagement and follow-through of cross-functional teams to ensure forward progress.
  • Facilitate service onboarding and documentation.
  • Act as a mentor and facilitator for onboarding new services to the Cloud SOC.
  • Conduct meetings with cross-functional teams to educate them and guide them through the onboarding process.
  • Perform periodic reviews of new and revised runbooks to evaluate efficacy and relevance.
  • Collaborate with subject matter experts in Forge and Engineering to enhance existing runbook documentation.


Skills: Postmortem Facilitation, Incident Analysis, Forensic Coordination, Data Analysis, Process Improvement, Service Onboarding, Runbook Review, Cross-Team Collaboration

13. Performance Expectations for Incident Response Analyst Cover Letter

  • Take ownership and manage cyber incident response end-to-end.
  • Work in collaboration with other IT security teams during investigations.
  • Self-initiate hunting initiatives to discover potential breaches or undiscovered cyber threats.
  • Stay abreast of emerging threat patterns and provide recommendations to improve detection.
  • Assist with patching recommendations and workarounds for zero-day threats.
  • Coordinate mitigation or remediation tasks with stakeholders and supporting teams.
  • Communicate incident updates to management.
  • Perform workstation forensics for investigations and compliance needs.
  • Document analytical steps and findings associated with cybersecurity incident investigations.
  • Review IOCs and TTPs from threat campaigns and intelligence to determine the need for additional detective or protective measures.
  • Identify when additional assistance or resources are required during an incident.
  • Participate in root cause analysis and lessons learned sessions.
  • Write technical articles for knowledge sharing.
  • Establish and maintain strong working relationships with cybersecurity, infrastructure support teams, and business unit operation centers.


Skills: Incident Management, Threat Hunting, Threat Intelligence, Patch Support, Remediation Coordination, Forensic Analysis, Root Cause Analysis, Knowledge Sharing

14. Expertise Areas for Incident Response Analyst Cover Letter

  • Partner closely with members of the CyberSecurity Defense Center Response Team to identify, design, and integrate automated security event and incident response solutions across multiple security tools and technologies.
  • Utilize secure coding practices as a guiding principle in all automation development.
  • Apply expert understanding of development tools, processes, applications, programming languages, and environments to assignments.
  • Enable solution modernization activities through design and development work items.
  • Analyze existing automation and Response Team workflows to identify and prioritize automation opportunities.
  • Provide the highest level of support for problem and issue resolution.
  • Champion and guide with an innovative mindset to deliver product solutions.
  • Conduct research and integrate industry best practices into processes and potential solutions.
  • Drive product testing practices and solutions to ensure product quality.
  • Apply practical experience with agile methodologies and continuous integration environments.


Skills: Automation Development, Secure Coding, Workflow Analysis, Solution Design, Problem Resolution, Innovation Leadership, Product Testing, Agile Practices

15. Key Strengths for Senior Incident Response Analyst Cover Letter

  • Manage security incidents across the business and direct a geographically diverse team through tactical response procedures to prioritize, detect, analyze, and monitor cybersecurity incidents globally.
  • Lead technical bridge lines to develop rapid containment solutions and actively manage response activities for information security incidents.
  • Perform incident triage and handling by determining scope, urgency, and potential impact, recommend actions for swift remediation, and drive lessons learned while recommending security enhancements to leadership.
  • Prepare reports documenting security incidents, the extent of the damage, and recommendations for posture improvements.
  • Oversee the execution of global cybersecurity incident response functions, readiness plans, and playbooks.
  • Stay current with evolving security threats, adversary tactics, and technology trends, applying technical knowledge and tools to defend and respond effectively to incidents.
  • Manage quarterly tabletop incident response exercises.
  • Maintain and enhance the incident tracking database with new features.
  • Ensure effective and secure handling of digital evidence and confidentiality of sensitive matters.
  • Assist in preparing monthly security metrics.
  • Train operational team members on client incident response plans.
  • Develop a roadmap for enhancing the incident response program.


Skills: Incident Management, Global Response, Incident Triage, Security Reporting, Playbook Oversight, Threat Awareness, Tabletop Exercises, Program Development

16. Primary Focus for Incident Response Analyst Cover Letter

  • Serve as an active member of the team, monitoring and processing responses for security events on a 24x7 basis.
  • Plan and execute regular incident response and postmortem exercises with measurable benchmarks to identify progress or deficiencies requiring attention.
  • Review and analyze cyber threats while providing support to other security analysts.
  • Facilitate the development and tuning of AV, EDR, SIEM, and DLP rules to ensure high-fidelity alerting.
  • Communicate with management to provide updates on incident progress, impending changes, or agreed-upon outages.
  • Monitor and analyze IDS alerts, review network traffic, perform log analysis, and prioritize potential intrusion attempts against false alarms.
  • Compose and distribute security alert notifications.
  • Support incident responders during the investigation and resolution of computer security incidents.
  • Perform detection, monitoring, analysis, and resolution of security incidents.
  • Prioritize workload effectively to provide a positive customer experience.
  • Participate in incident handling efforts in response to detected security incidents.
  • Maintain awareness of security trends in regulations, technology, and operational requirements.
  • Communicate clearly and effectively with other team members.
  • Generate reports from various data sources and present findings to management.


Skills: Security Monitoring, Incident Response, Threat Analysis, Rule Tuning, Log Analysis, Alert Notification, Customer Support, Report Generation

17. Success Indicators for Senior Incident Response Analyst Cover Letter

  • Manage security incidents across the organization and lead a geographically diverse team through tactical response procedures to prioritize, detect, analyze, and monitor cybersecurity incidents globally.
  • Lead technical bridge lines to design rapid containment solutions and actively manage response activities for information security incidents.
  • Perform incident triage and handling by assessing scope, urgency, and potential impact, recommending actions for swift remediation, and driving lessons learned while proposing security enhancements to leadership.
  • Prepare detailed reports documenting security incidents, the extent of impact, and recommendations for posture improvements.
  • Oversee the execution of global cybersecurity incident response functions, readiness plans, and playbooks.
  • Stay informed on evolving security threats, adversary tactics, and technology trends, applying technical knowledge and tools to defend and respond to incidents.
  • Manage quarterly tabletop incident response exercises.
  • Maintain and improve the incident tracking database.
  • Ensure secure handling of digital evidence and confidentiality of sensitive matters.
  • Assist in preparing monthly security metrics.
  • Train operational team members on incident response plans.
  • Develop a roadmap to enhance the incident response program.


Skills: Incident Leadership, Global Response, Incident Triage, Security Reporting, Playbook Management, Threat Awareness, Tabletop Exercises, Program Development

18. Operational Duties for Incident Response Analyst Cover Letter

  • Administer one or more core enterprise security services, including Firewalls, Intrusion Detection/Prevention Systems, Proxy, Mail Gateways, Data Loss Prevention, Denial of Service Protection, Network Access Control, Endpoint Protection Suite, Advanced Malware Prevention, Vulnerability Management, SIEM, Identity Governance, Single Sign-On, PKI, or Privileged Account Management.
  • Identify security gaps and control deficiencies, and determine steps to mitigate findings.
  • Continuously self-reflect and learn soft and technical skills to adapt to the changing e-business and cybersecurity landscape.
  • Analyze security alerts and perform investigations, evidence collection, and analysis.
  • Prepare technical and executive-level security reports and metrics.
  • Coordinate with functional teams to troubleshoot and resolve service disruptions, including participation in after-hours on-call rotation and ad-hoc incident resolution.
  • Demonstrate compliance with all regulations for assigned job functions and apply regulatory knowledge to responsibilities.
  • Stay current with regulatory changes and follow all policies, procedures, and compliance requirements.
  • Maintain working knowledge of Bank Secrecy Act, Regulation CC, Regulation E, Bank Security, and other applicable regulations.
  • Coach, mentor, or train others and teach coursework as a subject matter expert.
  • Actively learn, demonstrate, and foster corporate culture in all actions and words.
  • Take personal initiative and serve as a positive example for others to emulate.


Skills: Security Administration, Gap Mitigation, Alert Investigation, Security Reporting, Incident Resolution, Regulatory Compliance, Team Mentorship, Continuous Learning

19. Core Competence for Senior Incident Response Analyst Cover Letter

  • Initiate incidents, manage bridge calls, and handle communications and escalations.
  • Manage critical priority incident activities by monitoring and driving incidents to closure.
  • Provide detailed and timely information about incidents.
  • Track and communicate changes.
  • Coordinate with the Problem Management Team and Change Management Team.
  • Gather information with application teams, Level 2 support, engineering teams, and other stakeholders on outages and service degradations.
  • Assess the impact and sensitivity of outage situations.
  • Work with leadership to recommend program improvements or process adjustments to enhance deliverables.
  • Distribute reports, participate in meetings, and share metrics results.
  • Support training and knowledge-sharing efforts.
  • Facilitate groups, conduct training, and provide additional forms of knowledge transfer.
  • Apply knowledge of IT infrastructure interdependencies and the impacts of enterprise incidents and changes to balance priorities while driving incident resolutions.
  • Exercise judgment within defined practices and policies to select methods and techniques for resolving incidents.
  • Facilitate the troubleshooting process among team members.
  • Enable and support business units to deliver products with high quality, at high velocity, while embracing change.
  • Create a culture of knowledge sharing, including best practices, PIR coaching, and targeted improvements within DevOps and engineering teams to ensure alignment across teams.
  • Provide real-time insights and information to the right stakeholders in the right format.
  • Help establish and follow well-defined processes that continuously evolve to support business and customer needs.


Skills: Incident Management, Bridge Facilitation, Impact Assessment, Process Improvement, Metrics Reporting, Knowledge Sharing, Troubleshooting Support, Stakeholder Communication

20. Essential Functions for Incident Response Analyst Cover Letter

  • Monitor and investigate normal and escalated security events to determine risk and exposure to threats.
  • Perform forensic investigations to identify the impact and mitigation of each threat.
  • Triage events to filter out false positives and known accepted activities.
  • Lead security investigations from initial discovery to resolution and act as incident response manager for each case.
  • Analyze trends based on statistics and leverage insights to streamline investigations, daily monitoring, and research.
  • Perform incident and change management in a custom Security Stack and Services environment.
  • Serve as an escalation point for Tier II security services incidents or complex changes involving Cisco ASA Firewalls, Palo Alto IPS, ArcSight, FireEye, and similar technologies.
  • Plan and tune the environment, implement technology insertion, perform code upgrades, conduct audits, and respond to POA&Ms.
  • Develop content for security events observed in the customer environment.
  • Conduct advanced computer and network forensic investigations related to malware, intrusions, data theft, denial of service, and breaches.
  • Assist clients in identifying and remediating gaps discovered during investigations.
  • Provide clients with guidance and advice regarding cyber incidents, forensics, and incident response.
  • Document findings and produce well-written reports.


Skills: Security Monitoring, Forensic Investigation, Event Triage, Incident Management, Trend Analysis, Escalation Support, Environment Tuning, Client Reporting

What Are the Qualifications and Requirements for Incident Response Analyst in a Cover Letter?

1. Experience and Qualifications for Incident Response Analyst Cover Letter

  • Experience in the Cybersecurity-related field, equivalent to CSOC work experience.
  • Understanding of common security controls for Windows, Linux, and network equipment.
  • Prior experience using IBM QRadar or other SIEM technology for log analysis.
  • Working knowledge of cybersecurity investigations, threat vectors, and intrusion methods.
  • SANS GIAC, CompTIA Security+ CE, or similar professional security certifications.
  • Experience using QRadar Ariel Query Language to extract, filter, and perform actions on event data.
  • Experience with VMware Carbon Black and Windows forensics tools.
  • Experience with ServiceNow or similar service management/ticketing systems.
  • Strong attention to detail and time management skills, combined with a professional demeanor.
  • Ability to assess incomplete or conflicting data and make sound, timely security decisions under pressure.
  • Strong teamwork and collaboration skills.
  • Emotional resilience and stress management abilities.


Qualifications: BS in Data Science with 5 years of Experience

2. Technical Expertise for Incident Response Analyst Cover Letter

  • Relevant experience in information technology or a technology-centric role.
  • Experience working in cybersecurity.
  • Understanding of forensic, endpoint, and network security technologies.
  • Experience in creating customized detection signatures and alerts for enterprise monitoring tools.
  • Experience in conducting forensic examinations for internal investigations or e-discovery matters.
  • Experience in correlating events from multiple sources to detect suspicious and/or malicious activity.
  • Understanding of Cyber Security with relevant work experience and/or relevant certifications.
  • Understanding of common threats, penetration/intrusion techniques, and attack vectors.
  • Working knowledge of a broad range of current IT platforms and technologies.
  • Strong analytical and problem-solving skills.
  • Strong collaboration and teamwork abilities.
  • Ability to effectively handle multiple investigations or escalations while meeting deadlines under pressure.


Qualifications: BS in Computer Science with 7 years of Experience

3. Problem-solving Abilities for Incident Response Analyst Cover Letter

  • Experience in a similar position or in a Security Operations Center (SOC) environment.
  • Comfortable being hands-on with experience in SIEM, Web Application Firewall, IDS/IPS.
  • Experience in analysis and problem-solving within a complex IT environment.
  • Experience in malware and forensic analysis.
  • A team player with experience working with remote, global teams.
  • A holder of certifications in Information Security, such as OSCP, CEH, GCIH, or similar.
  • Hands-on knowledge of securing cloud platforms (AWS, Azure, GCP), including identity and access management, logging, and cloud-native security controls.
  • Practical experience proactively hunting for anomalies, using threat intel feeds, and mapping findings to adversary TTPs.
  • Ability to use scripting languages (e.g., Python, PowerShell, Bash) to automate repetitive SOC tasks, streamline log analysis, and improve incident response efficiency.
  • Ability to translate complex security findings into understandable insights for both technical and non-technical stakeholders.
  • Can remain effective when priorities shift quickly, especially during critical incidents or evolving threat scenarios.


Qualifications: BS in Computer Engineering with 6 years of Experience

4. Training and Certifications for Incident Response Analyst Cover Letter

  • Work experience in Information Security and/or IT management.
  • Well-rounded foundational knowledge in computer networking, operating systems (both Windows and Unix-based operating systems), and virtualization (cloud and on-premise).
  • Intermediate SOC/Incident Response core skills, including security event review, log analysis, host analysis, email analysis, and network analysis.
  • Intermediate understanding of investigative theory and best practices for effective analysis.
  • Sound judgment in identifying security incidents that require follow-up response or escalation.
  • Strong knowledge of the Cyber Kill Chain Framework and working familiarity with the MITRE ATT&CK Framework.
  • Experience in leveraging TIPs, identifying IOCs, and performing static/dynamic malware analysis to understand adversary TTPs and improve defensive measures.
  • Ability to break down complex security incidents, identify root causes, and propose effective solutions.
  • Strong communication and collaboration skills.
  • Stay agile in rapidly evolving threat landscapes and proactively upskill to adopt new tools, techniques, and frameworks.


Qualifications: BS in Cloud Computing with 4 years of Experience

5. Abilities and Qualifications for Incident Response Analyst Cover Letter

  • Previous IT experience.
  • Experience in a monitoring and escalation role.
  • Must be open to working in a 24/7 environment.
  • Basic network and server understanding.
  • Flexibility on shifts, weekends, and overtime.
  • Willingness to take direction and follow pre-established guidelines and procedures.
  • Excellent communication and interpersonal skills in English (and/or other languages).
  • ITIL Service Management Foundations or Essential certification.
  • Demonstrated passion for customer service.
  • Ability to work under pressure and in a fast-paced environment.
  • Proven time-management skills.


Qualifications: BS in Security and Risk Analysis with 1 year of Experience

6. Skills Overview for Incident Response Analyst Cover Letter

  • Experience in a Cybersecurity Service Provider (CSSP) environment, Security Operations Center (SOC), or similar.
  • Hold one of the following: CASP+ CE, CCNA Cyber Ops, CCNA-Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), Cloud+, CND, CSSLP, CySA+, GCFA, GCIA, GCIH, GICSP, GSNA, SCYBER, or SSCP.
  • Knowledge of and experience with Incident Response Procedures.
  • Knowledge of and experience with Packet Analysis.
  • Knowledge of and experience with IDS/IPS solutions.
  • Familiarity with Host-Based Analysis tools.
  • Experience with Log Aggregation tools.
  • Strong logical thinking and analytical ability.
  • Excellent verbal and written communication ability.
  • Ability to learn new technology and concepts quickly.


Qualifications: BS in Cybersecurity with 3 years of Experience

7. Education, Knowledge and Experience for Incident Response Analyst Cover Letter

  • Experience in investigative or analytical roles.
  • Relevant experience in investigative or analytical roles.
  • Proven experience analyzing information to assess threat and risk.
  • Proven experience making important decisions independently and multitasking under pressure, responding quickly to changing situations in complex environments without compromising quality.
  • Experience with social media, analytical tools, and online research.
  • Self-starter requiring minimal direction.
  • Excellent communication skills, with experience adapting communication style to suit different stakeholders, such as cross-functional teams and law enforcement.
  • Project Management, Operations, or Process Improvement experience.
  • Experience working with Crisis Management, Government Agencies, or Law Enforcement.
  • Multiple language proficiency to deal with Foreign Law Enforcement/Government Agencies (preferably Hindi, Portuguese, and/or Spanish).


Qualifications: BS in Cloud Security with 5 years of Experience

8. Abilities and Experience for Incident Response Analyst Cover Letter

  • Work experience in CyberSecurity with a focus on security analytics and incident response.
  • Directly related experience in computer security incident handling.
  • Experience with identifying and responding to advanced threats and threat actor TTPs.
  • GCIA, GCIH, GREM, or applicable experience in the Information Security field.
  • Excel in one or more programming/scripting languages (e.g., Perl, Java, Python, etc.).
  • SQL Scripting knowledge and experience.
  • Experience in performing or overseeing malware analysis.
  • Experience in performing digital forensics for incident response.
  • Strong Operating System Administration skills, including conceptual knowledge of OS internals and experience with core service types.
  • Strong experience with *nix and Windows environments.
  • Excellent communication skills, and able to communicate technical concepts to a broad range of technical and non-technical staff.
  • Demonstrated time management, problem-solving, effort prioritization, and interpersonal skills.
  • Can work well under pressure and within constraints to solve problems and meet objectives.
  • Strong analytical/problem-solving skills and cross-functional expertise across multiple IT operational and security disciplines.
  • Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change.


Qualifications: BS in Information Technology with 9 years of Experience

9. Key Qualifications for Incident Response Analyst Cover Letter

  • Experience with handling and responding to an APT or FIN actor.
  • Experience working directly with clients in a professional manner.
  • Working knowledge of SOC best practices.
  • Ability to suggest process improvements to the Government.
  • Ability to author clear and concise reports.
  • Ability to review and ensure QA of team member submissions.
  • Ability to work with auditors to respond to and resolve identified issues in the IR processes.
  • Possess GIAC Defending Advanced Threats (GDAT) or GIAC Certified Enterprise Defender (GCED) Certification.
  • Experience working with FireEye.
  • Knowledge of Archer and the ticketing process.
  • Ability to review work from junior analysts and provide feedback for growth.
  • Experience with Threat Intelligence Platforms (TIPs).
  • Ability to work alongside offensive security teams to test and improve detection and response capabilities.


Qualifications: BS in Computer Science with 7 years of Experience

10. Accomplishments for Incident Response Analyst Cover Letter

  • Relevant experience, with prior breach response consulting experience.
  • Certifications or training in SANS GCFE/GCFA/GCIH, EnCE, CISSP, or other relevant certs.
  • Experience with scan/assessment tools such as Metasploit, Burp Suite, Nessus, etc.
  • Familiarity with Windows, Linux, UNIX, and Mac systems.
  • Any scripting or knowledge of Python, C, C++, Perl, PowerShell, or Bash.
  • Knowledgeable of encryption and encoding methods, communication protocols, and algorithms.
  • Capable of triaging multiple cases and managing project deliverables simultaneously.
  • Self-motivated with a positive and enthusiastic approach to helping clients get through tough times.
  • Clear communication skills and the ability to explain complex technical findings to both technical teams and non-technical stakeholders.
  • Strong analytical mindset to quickly identify root causes and adapt response strategies.
  • Comfortable working across cross-functional teams (legal, PR, IT, execs) during high-pressure incidents.


Qualifications: BS in Computer and Information Science with 6 years of Experience

11. Knowledge, Skills and Abilities for Incident Response Analyst Cover Letter

  • In-depth knowledge of each phase of the Incident Response life cycle.
  • Expertise in Operating Systems (Windows/Linux) operations and artifacts.
  • Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (Firewalls, Proxies, Load Balancers, VPN, etc.).
  • Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis, and research to determine root cause and scope of Incidents.
  • Experience driving the implementation and improvement of new tools, capabilities, frameworks, and methodologies.
  • Ability to instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations.
  • Ability to promote and drive the implementation of automation and process efficiencies.
  • Familiarity with Cyber Kill Chain and ATT&CK Framework, and how to leverage them in Security Operations.
  • Can provide guidance and mentorship to improve analyst skill sets and ensure delivery of high-quality analysis and work products.
  • Ability to establish trust and business relationships with customers and other relevant stakeholders.
  • Stay calm, focused, and effective while handling high-stakes breaches and tight deadlines.


Qualifications: BS in Software Engineering with 8 years of Experience

12. Education and Qualifications for Incident Response Analyst Cover Letter

  • Incident Response and Forensics experience in Cyber Defence/Information Technology.
  • Extensive experience with incident response and forensics tools.
  • Deep understanding of Linux, Windows, malware analysis, host/network-based forensics, memory forensics, cloud forensics, and network traffic analysis.
  • Experience developing scripts and automating tasks to enhance investigations.
  • Ability to lead incident response engagements and coordinate actions of other incident response analysts.
  • Can proactively identify adversary activity through hypothesis-driven investigation beyond standard alerts.
  • Experience leveraging and operationalizing cyber threat intelligence (CTI) to inform investigations and response.
  • Familiarity with NIST, ISO 27001, GDPR, HIPAA, or other regulatory environments that influence response.
  • Cloud Security Posture & Incident Response experience, beyond forensics, hands-on with securing and responding in AWS, Azure, or GCP environments.
  • Experience in developing, testing, and improving IR playbooks through simulations and exercises.
  • Ability to break down complex problems and identify root causes efficiently.
  • Flexibility to quickly adjust to evolving threats, technologies, and client needs.
  • Skilled at working with cross-functional teams and external stakeholders to achieve common goals.


Qualifications: BS in Information Assurance with 11 years of Experience

13. Professional Background for Incident Response Analyst Cover Letter

  • Technical cybersecurity experience in Incident Response and Security Operations.
  • Mastery of at least 4 of the following: SIEM analysis, cloud environments, Host Forensics, Network Forensics, Malware Reversing, Intrusion Detection, Anomaly Detection, Threat Research.
  • In-depth knowledge of Windows, OSX, and/or *nix operating systems and forensic evidence concepts.
  • Experience with cloud architecture and incident response.
  • Experience with AWS, Azure, and Microsoft 365.
  • Ability to lead root cause analysis of problems.
  • Ability to manage multiple priorities in a high-pressure environment.
  • Strong knowledge of malware families and network attack vectors.
  • Strong knowledge of and experience analyzing malware, identifying Indicators of Compromise (IOC) and TTPs of various threat actors through the analysis of email, malware, endpoint, network, etc.
  • Strong knowledge of web applications and APIs.
  • Scripting (Perl, Python, PowerShell, bash), RegEx, and PCRE experience.
  • Strong understanding of static and dynamic malware analysis.
  • Experience with Firewalls, Intrusion Detection Systems, and Antivirus Systems.
  • Experience performing log analysis from a variety of sources.
  • Effective in collaboration with teams in remote locations.
  • Strong analytical and problem-solving skills.


Qualifications: BS in Network Engineering with 10 years of Experience

14. Education and Experience for Incident Response Analyst Cover Letter

  • Experience in Incident Response and/or Digital Forensics in a global enterprise.
  • Hold Information Security Professional Certification (e.g., CISSP, GIAC, EnCE, CFCE, CCE, DFCP, GCIA, GCIH).
  • Experience with incident management and understanding of security incident management standards and best practices.
  • Knowledge of common security threats, attack vectors, and penetration techniques.
  • Experience with running and investigating systems using multiple platforms, including Linux, Windows, macOS, Android, and iOS.
  • Experience with forensic tools such as EnCase, FTK, Magnet IEF, SIFT, X-Ways, Magnet Axiom, and live data capture tools.
  • Experience with event analysis and correlation, and malware analysis.
  • Knowledge of networking technologies, including firewalls, proxies, IDS/IPS, and network protocols.
  • Knowledge of Unix shell and common scripting languages for data manipulation.
  • Familiarity with IBM QRadar SIEM, Windows Defender ATP, and EDR platforms.
  • Strong oral and written communication skills in English, and/or additional languages.
  • Strong interpersonal and organizational skills.


Qualifications: BS in Systems Engineering with 8 years of Experience

15. Requirements and Experience for Incident Response Analyst Cover Letter

  • Certification such as GSEC, GCIH, CHFI, CCNA, CIAM, Security+, CSA+, or equivalent.
  • Information technology experience in cybersecurity.
  • Demonstrated experience with administering enterprise services, including client and server systems, security tools and applications, directory services, firewalls, IDS/IPS, security gateways, routers, and switches.
  • Knowledge of operating system fundamentals, networking fundamentals, network protocols, web applications, and critical security controls.
  • Knowledge of common attacker tactics and techniques.
  • Knowledge of internal audit concepts and regulatory requirements (e.g., SOX, GLBA, etc.).
  • Ability to prioritize tasks and work through issues and obstacles with minimal guidance and coaching.
  • Ability to work individually and as part of a team.
  • Proficient in written/verbal communication skills.
  • Can evaluate complex situations, weigh risks, and make sound judgments under pressure.
  • Able to develop innovative solutions to address security challenges or bypass obstacles when standard approaches don’t work.


Qualifications: BS in Forensic Computing with 3 years of Experience

16. Skills, Knowledge, and Experience for Incident Response Analyst Cover Letter

  • Good awareness of the current threat landscape.
  • Familiarity with host forensic artefacts on both Windows and Linux, and their acquisition, processing, and interpretation.
  • Ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution.
  • Experience with network analysis and network intrusion detection.
  • Understanding of firewall rules, Windows and Linux tools for analysing packet capture, netflow, and raw log files, such as those generated by firewalls, web servers, and proxies.
  • Experience in writing and implementing Snort/Suricata rules.
  • Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPSEC).
  • Good understanding of modern malware, including execution methods, persistence, detection, C2 methods, delivery mechanisms (JavaScript, PowerShell, etc.), and entry points (phishing, drive-by, etc.).
  • Knowledge of analysing artefacts to deduce the behaviour of malware in an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis, and remediation activities.
  • Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs.
  • Familiarity with malware dynamic analysis to determine the potential malicious intent of samples.
  • Some experience with static analysis and reverse-engineering of samples and C2 protocols.
  • Ability to innovate malware hunting methods.
  • Familiarity with Elastic, Splunk, or similar.
  • Understanding of vulnerabilities and vulnerability detection.
  • Ability to launch and interpret network vulnerability scans, web scans, and port scans.
  • Ability to produce and review reports.


Qualifications: BS in Software Development with 9 years of Experience

17. Experience and Requirements for Incident Response Analyst Cover Letter

  • Strong ITIL knowledge and experience.
  • Functional knowledge of the MITRE ATT&CK framework.
  • Experience with log analysis, malware analysis, and/or forensic analysis.
  • Hands-on experience with industry-leading security tools, including EDR, SWG, SIEM, and MDM.
  • Good communication skills and the ability to confidently present findings to those with either a technical or non-technical background.
  • Self-directed, resourceful, and a critical thinker with attention to detail and proactive problem-solving skills.
  • Ability to self-organise and plan activities with commitment towards results.
  • Ready to learn new content both from others and self-learning, and passionate about self-improvement and suggesting improvements to processes or activities.
  • InfoSec Certification (e.g., CISSP, CompTIA Sec, CEH, etc.).
  • Cloud experience (AWS, Azure, GCP) in a production environment.
  • Scripting experience (Python, Perl, PowerShell, etc.).
  • Experience working in Blue/Red/Purple team engagements.
  • A mindset oriented to data protection, and discreet by default.
  • Capable of organising different kinds of tasks and assignments and asking for priority guidance.
  • Ability to work under pressure in case of deadlines.


Qualifications: BS in Digital Forensics with 6 years of Experience

18. Knowledge and Abilities for Incident Response Analyst Cover Letter

  • Work experience in cybersecurity, holding one or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, etc.).
  • Sound cybersecurity knowledge foundation, including understanding of networking and application layer protocols, well-known networking protocols/services, netflow data, security-related forensic tools and techniques.
  • Experience and effective participation in hunt, computer network defense, real-time analysis, and incident response activities, including the ability to reconstruct events from network, endpoint, and log data.
  • Experience and understanding of host-based/endpoint protection systems.
  • Experience with forensic analysis of disk images and network traffic.
  • Strong critical thinking, problem-solving, and organization skills.
  • Strong teamwork and collaboration skills with good written and verbal communication skills.
  • Previous experience in research or the collection of data-driven information.
  • Proven ability to use critical thinking skills in the creation of qualitative and/or quantitative analysis and measurements.
  • An approach to work that includes initiative, sound judgment, diplomacy, and discretion.
  • Ability to work independently on a variety of assignments with minimal supervision.
  • Strong organizational and business process skills with the ability to work with senior managers, supervisors, and constituents.
  • Ability to maintain poise and professionalism under pressure.
  • Ability to understand the significance of the client's organizational culture and support organizational standards.


Qualifications: BS in Management Information Systems with 7 years of Experience

19. Industry Knowledge for Incident Response Analyst Cover Letter

  • Work experience in information security, especially in an Information operations/incident role.
  • Relevant technical security certifications (GIAC, EC-Council, ISC-2, etc.).
  • Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests.
  • Previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations, etc.
  • Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution, and working experience against advanced persistent threats.
  • Strong working knowledge of at least three of the following security tools: host-based antivirus, anti-spam gateway solutions, firewalls, IDS/IPS, server and network device hardening, data loss prevention, forensics software, vulnerability management, website security.
  • Competent in using both internal and external ticketing systems for ITIL-based incident, problem, and change management.
  • Solid customer orientation with excellent oral and written communication skills.
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
  • Ability to effectively influence others to modify their opinions, plans, or behaviors.
  • Proactive attitude, seeking improvement opportunities that can positively impact the security posture and the business.
  • Ability to work extremely well under pressure while maintaining a professional image and approach.
  • Strong decision-making capabilities, with an ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • Great ability to manage time and prioritize tasks.


Qualifications: BS in Computer Networks and Security with 6 years of Experience

20. Negotiation Skills for Incident Response Analyst Cover Letter

  • Experience working with CJCSM 6510.01B.
  • Expert-level knowledge of network traffic and communications, including known ports and services.
  • Strong knowledge of the Windows operating system, knowledge of various Linux distributions, and the Unix framework.
  • Knowledge of the following security-related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet analyzers, malware analysis, forensic tools, and enterprise-level appliances.
  • Deep understanding of and the ability to perform network traffic flow and PCAP analysis.
  • Understanding of and the ability to perform static malware analysis.
  • Deep understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based.
  • Expert-level knowledge and supervision of employees of various labor categories and skills in efforts similar in size and scope to this acquisition.
  • Experience in a DOD or IC IT environment.
  • Understanding of DOD accreditation policies, processes, and practices.
  • Expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition.
  • Experience in a forensic laboratory environment.
  • Strong strategic thinking and decision-making abilities under pressure, and good communication skills.
  • Skill in de-escalating tensions and building consensus across diverse stakeholders.
  • Ability to guide, coach, and develop junior team members to strengthen organizational capability long-term.


Qualifications: BS in Cloud Security with 13 years of Experience