Job Summary: 

• Investigate historical breaches and work with clients to simulate full-scale incidents to ensure preparedness for inevitable threats.
• Deliver world-class incident response services to customers.
• Lead incident simulations to help clients assess their ability to respond to major threats.
• Assist in capturing and deploying knowledge of attack methodologies.
• Drive research initiatives to enhance incident response capabilities and strengthen reputation through media interaction, public speaking, and blogs.
• Advise clients on security best practices and attack mitigation strategies.
• Provide continuous input to product development teams.
• Actively participate within the community and the broader security industry as an advocate and advisor.
• Assist with scoping prospective engagements, participate in investigations from kickoff through remediation, and mentor less experienced staff.
• Mentor the team, especially junior-level incident response consultants, in incident response and forensics.

Skills on Resume: 

• Incident Response (Hard Skills)
• Threat Simulation (Hard Skills)
• Forensic Analysis (Hard Skills)
• Attack Methodologies (Hard Skills)
• Security Best Practices (Hard Skills)
• Client Advising (Soft Skills)
• Team Mentoring (Soft Skills)
• Public Speaking (Soft Skills)

Job Summary: 

• Respond to global cyber incidents caused by internal and external threats to customers, including during nontraditional working hours.
• Map technical findings to business impacts and communicate them in a way that is understandable to non-technical audiences.
• Scope incidents, align objectives with customers, and lead teams of incident response consultants during emergency engagements.
• Specialize in host-centric analysis using forensic tools such as F-Response, X-Ways, Volatility, and Cisco AMP.
• Lead and perform incident response readiness assessments for customers.
• Draft communications, assessments, and reports for both internal and customer-facing use, including leadership and executive management.
• Understand different attack types and develop custom detection, containment, and remediation plans for customers.
• Serve as a liaison between business functions and collaborate with team members and other security teams.
• Manage relationships with business partners, management, vendors, and external stakeholders.
• Lead projects on demand.
• Develop and document processes to ensure consistent and scalable response operations.

Skills on Resume: 

• Incident Response (Hard Skills)
• Forensic Tools (Hard Skills)
• Host-Centric Analysis (Hard Skills)
• Attack Detection (Hard Skills)
• Business Communication (Soft Skills)
• Customer Engagement (Soft Skills)
• Team Leadership (Soft Skills)
• Process Development (Hard Skills)

Job Summary: 

• Help manage and coordinate cybersecurity incidents for clients.
• Build and develop cyber-response tools, author and adapt runbooks/playbooks, assess incident response maturity, and assist in table-top cyber-scenario exercises.
• Perform digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
• Act as a team leader towards several Cyber Security analysts/consultants.
• Maintain a current view of the cyber threat and advise clients on the threat landscape and attacks that may be relevant to them.
• Help stand up or improve clients’ own incident response capabilities.
• Assist with project management of engagements, including scoping, financial management, and risk management.
• Liaise with clients on delivery, implementation, and sales issues.
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall operations.
• Mentor team members to improve the quality and consistency of analysis.

Skills on Resume: 

• Incident Management (Hard Skills)
• Cyber Response Tools (Hard Skills)
• Digital Forensics (Hard Skills)
• Threat Intelligence (Hard Skills)
• Client Advising (Soft Skills)
• Team Leadership (Soft Skills)
• Project Management (Soft Skills)
• Process Improvement (Hard Skills)

Job Summary: 

• Serve as subject matter expert in incident response capability development and improvement.
• Manage consulting workload, client requirements, and internal projects and tasking.
• Design and deliver incident response exercises to test client incident response plans, and oversee the delivery of exercises by other consultants.
• Develop detailed incident response plans and playbooks based on client needs.
• Contribute to the continual improvement of services that the company delivers to clients and the processes that the team utilizes to deliver them.
• Provide objective, actionable, and complete guidance that enables and improves clients’ incident management capabilities.
• Conduct assessments of client readiness to respond to incidents, including designing and delivering incident response exercises to test client incident response capabilities.
• Review the assessments of other consultants.
• Support complex incident response, review analysis, and conclusions of other consultants.
• Document findings, develop recommendations, and present both orally and in written reports.
• Promote Secureworks by participating in external speaking engagements, writing whitepapers and blog posts, and ensuring identification of opportunities for additional support to be provided to clients.
• Mentor junior staff.

Skills on Resume: 

• Incident Response Expertise (Hard Skills)
• Workload Management (Soft Skills)
• Exercise Design (Hard Skills)
• Incident Response Plans (Hard Skills)
• Service Improvement (Soft Skills)
• Client Guidance (Soft Skills)
• Incident Readiness Assessment (Hard Skills)
• Staff Mentoring (Soft Skills)

Job Summary: 

• Partner with customers to help them understand cyber threats and incidents in context and enable them to make informed decisions about their security program.
• Tailor communication to the customer’s level of expertise, providing education and information to help them understand the bigger picture and make educated decisions.
• Advocate for the customer’s well-being, provide expert security advice, and rally internal resources for the benefit of the customer.
• Use deep knowledge and experience to ask the right questions to customers and provide advice to advance the maturity of their security programs.
• Identify, scope, and manage ongoing customer incidents, develop and implement remediation plans, and augment customer security gaps with the necessary skills and resources to improve their security.
• Immerse yourself in the customer’s environment enough to immediately recognize evidence of potential threats.
• Augment the automated detection of the technical stack with manual hunting to identify anomalous behaviors within customer environments, and use hunting results to drive innovation of detection capabilities.
• Collaborate with colleagues on conference presentations and research-driven reports.
• Assist in the maintenance of technical documentation.
• Assist the agencies in understanding and implementing continuous monitoring.

Skills on Resume: 

• Customer Partnership (Soft Skills)
• Tailored Communication (Soft Skills)
• Security Advising (Soft Skills)
• Security Program Maturity (Hard Skills)
• Incident Management (Hard Skills)
• Threat Hunting (Hard Skills)
• Collaboration (Soft Skills)
• Technical Documentation (Hard Skills)

Job Summary: 

• Support service requests about CDM data quality and the agency's improved security posture.
• Provide monitoring of tools and processes.
• Provide and perform dashboard and tool remediation and recommendations.
• Coordinate incident response both across internal teams and act as a liaison with external security organizations.
• Perform initial triage on security events.
• Monitor and analyze security events and alerts from multiple sources and look for trends.
• Respond to potential threats and vulnerabilities.
• Separate true threats from false positives using network and log analysis, and escalate possible intrusions and attacks.
• Investigate intrusion attempts and perform in-depth analysis of exploits.
• Independently follow procedures to contain, analyze, and eradicate malicious activity.
• Document all activities during an incident and provide leadership with status updates during the lifecycle of the incident, as well as create a detailed final report.
• Develop advanced queries and alerts to detect adversary actions.
• Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.

Skills on Resume: 

• Data Quality Support (Hard Skills)
• Security Monitoring (Hard Skills)
• Dashboard Remediation (Hard Skills)
• Incident Coordination (Soft Skills)
• Event Triage (Hard Skills)
• Threat Analysis (Hard Skills)
• Intrusion Investigation (Hard Skills)
• Incident Reporting (Hard Skills)

Job Summary: 

• Conduct incident response investigations for data breaches and security incidents using a wide range of security tools.
• Utilize system forensics tools (e.g., Encase, Axiom, FTK Imager, X-Ways, SIFT), data analytics platforms (e.g., Splunk, ELK Stack), and security solutions (e.g., ArcSight, AlienVault, NetWitness, FireEye, Fidelis, RedSeal, SkyBox, Cylance, Suricata, SolarWinds, Palo Alto, Cisco devices).
• Leverage both commercial and proprietary tools to identify the source of compromises and malicious activity within client environments.
• Perform SOC and CERT monitoring and analysis by utilizing SIEM tools like ArcSight and AlienVault, along with data analytics platforms such as Splunk and ELK Stack.
• Employ network modeling tools (e.g., RedSeal, Skybox), malware detection tools (e.g., Cylance, Sentinel One), and APT detection and mitigation solutions (e.g., Fidelis, FireEye).
• Leverage network management tools like SolarWinds to support comprehensive threat detection and incident response efforts.
• Conduct security gap analysis assessments, penetration testing, red-team assessments, and vulnerability assessments to identify security vulnerabilities and issues in client environments.
• Conduct compliance audits and assessments for Sarbanes-Oxley, PCI, ISO 27001, NIST 800-171, HIPAA/HITECH, GDPR, and others.
• Assist with managing the full life cycle of incident response engagements, including scoping work, guiding clients through the incident response process, containing security incidents involving sophisticated APT-level actors, providing guidance on longer-term remediation recommendations, and managing both short-term and long-term containment and remediation.
• Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
• Build scripts, tools, or methodologies to enhance incident investigation processes.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Communicate investigative findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel.
• Work with network security and IT operations at clients to implement containment and eradication actions and remediation measures in response to incidents.

Skills on Resume: 

• Incident Response (Hard Skills)
• Forensic Tools (Hard Skills)
• SIEM Monitoring (Hard Skills)
• Threat Detection (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Compliance Auditing (Hard Skills)
• IOC Development (Hard Skills)
• Client Communication (Soft Skills)

Job Summary: 

• Execute security and privacy investigations for clients in preparation for and in response to data security matters, including ongoing breach detection, threat analysis, incident response, and malware analysis.
• Provide expert digital forensic support for counsel and clients in response to data security incidents such as data breaches or fraud.
• Assist in drafting forensic reports, affidavits, and provide expert testimony in digital forensics and incident response.
• Engage in problem-solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools.
• Identify, research, and organize information to assess the appropriateness and sufficiency of available data to facilitate effective data access and analysis.
• Develop familiarity with data that serves as input to analysis, including threat intelligence, logging data, and contextual clues.
• Recognize relationships among multiple sources and types of information to facilitate effective data analysis.
• Apply programming, model building, and database administration skills using Python, T-SQL, VBA, Excel, C#, and other tools.
• Ensure reliability of analysis and risk management by implementing quality control measures and documentation.
• Forensically acquire data and images from identified hosts and locate evidence of compromise to determine impact through disk, file, memory, and log analysis.

Skills on Resume: 

• Incident Response (Hard Skills)
• Malware Analysis (Hard Skills)
• Digital Forensics (Hard Skills)
• Forensic Reporting (Hard Skills)
• Data Analysis (Hard Skills)
• Threat Intelligence (Hard Skills)
• Programming Skills (Hard Skills)
• Quality Control (Hard Skills)

Job Summary: 

• Identify artifact and evidence locations to answer critical questions, including execution, file access, data theft, anti-forensics, and detailed system usage by adversaries.
• Detect and hunt unknown live, dormant, and custom malware across multiple hosts in enterprise environments.
• Create indicators of compromise (IOCs) from analysis to strengthen incident response and threat intelligence efforts.
• Track adversary activity in detail on hosts using in-depth timeline analysis.
• Determine the type of malware used in attacks, including rootkits, backdoors, and Trojan horses, and select appropriate defenses and response tactics.
• Identify lateral movement and pivots within client enterprises to reveal how adversaries transition from system to system without detection.
• Use physical memory analysis tools to determine adversary activities on hosts and pivot points across networks.
• Examine network traffic using common protocols to identify patterns of activity or specific actions requiring further investigation.
• Identify and track malware beaconing outbound to command and control (C2) channels through memory forensics, registry analysis, and network connections.

Skills on Resume: 

• Evidence Analysis (Hard Skills)
• Malware Hunting (Hard Skills)
• IOC Creation (Hard Skills)
• Timeline Analysis (Hard Skills)
• Malware Identification (Hard Skills)
• Lateral Movement Detection (Hard Skills)
• Memory Forensics (Hard Skills)
• Network Traffic Analysis (Hard Skills)

Job Summary: 

• Leverage experience and knowledge of incident response leading practices and frameworks (e.g., NIST SP 800-61, SANS, MITRE ATT\&CK).
• Assist in the assessment and development of incident response capabilities across all phases of the incident lifecycle (preparation through eradication).
• Build presentations and other materials for client sessions and workshops, and support their delivery.
• Identify and recommend technologies to support client incident response processes, and work with technology partners to facilitate their implementation.
• Develop and refine incident response policies, standards, plans, playbooks, and standard operating procedures based on client needs.
• Support the testing of incident response capabilities through tabletop exercises and other simulations.
• Work with delivery partners to conduct advanced computer and network forensic investigations relating to malware, intrusions, theft of information, denial of service, data breaches, and other threats.
• Create detailed and insightful incident reports, and assist in identifying and remediating gaps.
• Provide guidance and advice regarding cyber incidents, forensics, and incident response.
• Monitor and report on progress in completing projects and deliverables.

Skills on Resume: 

• Incident Response Frameworks (Hard Skills)
• Capability Assessment (Hard Skills)
• Client Presentations (Soft Skills)
• Technology Recommendations (Hard Skills)
• Policy Development (Hard Skills)
• Tabletop Exercises (Hard Skills)
• Forensic Investigations (Hard Skills)
• Incident Reporting (Hard Skills)

Job Summary: 

• Maintain awareness and understanding of evolving threats and intrusion trends to provide subject matter expertise and insight to clients on attack trends and defenses.
• Maintain awareness of technologies that support the incident response process, along with their relative strengths and weaknesses.
• Identify and attend training to keep skills current.
• Create methods and frameworks to support sales of professional services.
• Build presales materials such as proposals and statements of work.
• Support pre- and post-sales meetings and presentations with clients.
• Consistently deliver engagements against established schedules and budgets, coordinating with team members and delivery partners.
• Help to build eminence materials and support their publication and delivery.
• Identify opportunities to improve internal processes and recommend changes.
• Mentor and motivate team members to provide outstanding client service.
• Help define and bring to market new offerings and capabilities.
• Understand the scope of services provided by the cyber risk division and identify opportunities within the client base to deliver additional services.

Skills on Resume: 

• Threat Intelligence (Hard Skills)
• Technology Awareness (Hard Skills)
• Professional Development (Soft Skills)
• Presales Support (Soft Skills)
• Project Delivery (Soft Skills)
• Process Improvement (Soft Skills)
• Team Mentoring (Soft Skills)
• Service Development (Hard Skills)

Job Summary: 

• Lead or oversee business-specific projects by leveraging deep subject matter expertise and ensuring compliance with all relevant procedures and policies.
• Develop and implement work plans aligned with business priorities and deadlines, while managing resources and collaborating across teams to drive effective decision-making.
• Address complex problems, escalate risks on demand, and monitor progress to ensure successful outcomes.
• Continuously identify improvement opportunities, evaluate recommendations, and influence project completion through coordination and leadership.
• Demonstrate self-leadership and foster learning in others by building strong relationships with cross-functional stakeholders, sharing insights, and guiding project progress.
• Influence team members, respond to feedback, and mentor junior colleagues while adapting to shifting priorities and new responsibilities.
• Provide constructive feedback, including upward feedback, and develop plans to leverage strengths and address improvement areas.
• Embrace change, challenges, and feedback as opportunities for growth and development.
• Lead team in the proactive monitoring and/or response to known or emerging threats against the KP network.
• Communicate investigative findings effectively to non-technical audiences.
• Plan and facilitate regular operations meetings with TDA, TRI, and/or TAG teams.

Skills on Resume: 

• Project Leadership (Soft Skills)
• Work Planning (Hard Skills)
• Risk Management (Hard Skills)
• Process Improvement (Soft Skills)
• Stakeholder Collaboration (Soft Skills)
• Team Mentoring (Soft Skills)
• Constructive Feedback (Soft Skills)
• Threat Monitoring (Hard Skills)

Job Summary: 

• Support closed-loop processes on security efforts by providing feedback to the TDA leads and/or leadership.
• Participate in information fusion procedures across operations and engineering, including activities such as Use Case planning/development, Use Case quality assurance validation, and response procedure documentation.
• Serve as a liaison between stage teams and upper management by identifying issues, improvement areas, or security/architectural gaps and suggesting appropriate improvements.
• Drive the development of the CDC's intellectual capital by leading process or procedure improvements, consulting on brown bag training sessions, and leading the development of new training documents.
• Partner with the CDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
• Facilitate follow-up remediation design and review efforts.
• Lead the investigation and triage of security events across multiple domains.
• Lead complex data analyses in support of security event management processes, including root cause analysis.
• Coordinate the response and resolution of high-impact or critical cybersecurity incidents.
• Lead the deployment of threat detection capabilities and/or incident response plans, which may include after-hours support and coordination among responsible teams.
• Drive the execution of incident detection and/or handling processes, which may include containment, protection, and remediation activities.

Skills on Resume: 

• Process Feedback (Soft Skills)
• Use Case Development (Hard Skills)
• Management Liaison (Soft Skills)
• Process Improvement (Soft Skills)
• Security Remediation (Hard Skills)
• Event Investigation (Hard Skills)
• Data Analysis (Hard Skills)
• Incident Coordination (Soft Skills)

Job Summary: 

• Assess private sector client and public sector agency IT environments for incident response readiness and post-incident responsiveness, including forensic investigation and the recommendation of best practices to reduce the impact of current cyber incidents and minimize the likelihood of future occurrences.
• Monitor and analyze intrusion detection system (IDS) logs to identify security issues for remediation.
• Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event details and summary information.
• Communicate alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
• Recommend countermeasures and mitigating controls by reviewing multiple data sources to gather indications and warnings, as well as attack sensing and warning information.
• Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system integrity, and external web integrity scans to determine compliance.
• Prepare incident reports documenting analysis methodologies and results.
• Maintain current knowledge of relevant cybersecurity technologies.
• Analyze networks at the packet level and review packet captures at the expert level.
• Use computer network defense (CND) tools to detect network attacks, including enterprise security information and event management (SIEM) systems, intrusion detection and prevention systems (IDS/IPS), web content monitoring systems such as WebSense and Bluecoat, and firewall and syslog logs.

Skills on Resume: 

• Readiness Assessment (Hard Skills)
• IDS Monitoring (Hard Skills)
• Intrusion Analysis (Hard Skills)
• Client Communication (Soft Skills)
• Countermeasure Recommendation (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Incident Reporting (Hard Skills)
• Packet Analysis (Hard Skills)

Job Summary: 

• Serve as part of the technical team on incident response engagements.
• Develop and use new methods to hunt for bad actors across large sets of data.
• Work under the direction of project leadership and outside counsel to conduct intrusion investigations.
• Perform host and network-based forensics across Windows, Mac, and Linux platforms.
• Support the production of high-quality written and verbal reports, presentations, recommendations, and findings for key stakeholders, including customer management, regulators, and legal counsel.
• Perform consultancy for F-Secure clients and produce high-quality reports to present findings and guidance.
• Maintain target utilization on client chargeable projects while working as an Incident Response Consultant.
• Produce output that highlights the technical competence of the company to a standard suitable for publication.
• Support the practice area in successful delivery and growth.
• Conduct host, network, and application forensic investigations to identify indicators of compromise (IOCs) and determine the root cause of cyber incidents.
• Ascertain the extent of compromises, detail attributes of threat actor tooling and malware, and determine if data was exfiltrated.

Skills on Resume: 

• Threat Hunting (Hard Skills)
• Intrusion Investigation (Hard Skills)
• Forensic Analysis (Hard Skills)
• Multiplatform Forensics (Hard Skills)
• Stakeholder Reporting (Soft Skills)
• Client Consultancy (Soft Skills)
• IOC Identification (Hard Skills)
• Malware Analysis (Hard Skills)

Job Summary: 

• Identify patterns and outliers within data sets that match threat actor TTPs, post-compromise behavior, and unusual activity such as insider threats.
• Create and modify SIEM dashboards to clearly identify the scope of findings and monitor activity.
• Provide expert investigative analysis of large-scale and complex security incidents, including identifying incidents for which a technical detection may not be available.
• Deliver insider threat and APT detection as well as malware analysis and forensics.
• Conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations to identify indicators of compromise (IOCs).
• Perform reactive incident response functions, including host-based analysis of Windows, Linux, and Mac OS X systems to identify IOCs.
• Examine firewall, web, database, and other log sources to uncover evidence of malicious activity.
• Investigate data breaches using forensic tools such as EnCase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis tools to determine the source of compromises and malicious activity in client environments.
• Manage incident response engagements by scoping work, guiding clients through forensic investigations, containing security incidents, and providing long-term remediation recommendations.
• Mentor team members in incident response and forensics best practices.
• Author comprehensive forensic findings reports detailing attack timelines from initial intrusion through final objective, and provide appropriate recommendations.
• Maintain expert knowledge of forensic tools, industry best practices, and threat actor tools, techniques, and procedures (TTPs).
• Champion CFC’s core values and culture while upholding integrity, accuracy, and quality in response offerings.

Skills on Resume: 

• Threat Pattern Analysis (Hard Skills)
• SIEM Dashboarding (Hard Skills)
• Incident Investigation (Hard Skills)
• Insider Threat Detection (Hard Skills)
• Malware Analysis (Hard Skills)
• Forensic Tools (Hard Skills)
• Incident Management (Hard Skills)
• Team Mentoring (Soft Skills)