Description
Ciphera is looking for an Incident Response Expert to join our team. This role involves conducting forensic analyses, investigations, and responses to a variety of cyber threats. A key aspect of our work involves on-site collaboration with our clients’ IT and security teams to address and mitigate these threats effectively.
Key Responsibilities:
- Engage in detailed forensic investigations and incident response activities, tackling sophisticated and large-scale attacks through log analysis, and conducting both host and network-based forensics, as well as malware analysis.
- Lead in proactive threat hunting efforts to detect targeted attacks and emerging threats within client networks, including security assessments and simulations.
- Determine indicators of compromise (IOCs) and analyze tools, tactics, and procedures (TTPs) to evaluate breach occurrences and methods.
- Develop and refine tools and methodologies to enhance our technological stack for investigations and threat hunting.
- Work in tandem with client IT and Security teams to facilitate comprehensive investigations.
- Produce and deliver detailed, professional reports summarizing investigation findings.
Qualifications
- A minimum of 3 years’ relevant experience in either military service or the cybersecurity industry.
- A bright, inquisitive team player with a drive for excellence.
- A problem-solver and deep thinker with a growth mindset.
- Proven understanding of the lifecycle of advanced security threats, including attack vectors and exploitation methods.
- Strong technical foundation in network fundamentals and common internet protocols.
- Proficient in system and security controls across multiple operating systems (Windows, Linux/Unix, macOS), with expertise in host-based forensics and OS artifact analysis.
- Experience with scripting languages (e.g., Python).
- Cross-disciplinary skills and knowledge, including:
  - Hands-on data analysis experience, ideally in network traffic or log analysis, using platforms like Jupyter, Splunk, pandas, or SQL.
  - Knowledge of cloud infrastructure, web applications and servers, and mobile platforms (Android and iOS).
  - Skills in malware analysis and reverse engineering.
  - Experience with enterprise SIEM platforms (e.g., Splunk, QRadar, ArcSight).
- Exceptional communication and interpersonal skills, with fluency in English and the ability to clearly document and articulate technical information.