Apply on Employer Site

CyberArk · 2 weeks ago

Incident Response Senior Consultant

United States

Full-time

Remote

Mid, Senior Level

$200K/yr - $275K/yr

4+ years exp

CyberArk is the global leader in Identity Security, providing comprehensive security offerings for any identity across various environments. The Incident Response Senior Consultant will lead technical incident navigation, forensics analysis, and threat hunting to assist customers in effectively resolving security incidents.

Cloud SecurityCyber SecuritySecurity

Growth Opportunities

No H1B

Responsibilities

Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time

Develop Incident Response initiatives that improve our ability to respond and remediate security incidents effectively

Tracing malware activity and patterns and understanding how to remove malware non-destructively

Recognize attacker Tools, Tactics, and Procedures (TTP) and Indicators of Compromise (IOC) and apply to future incident response events

Analyze binary files to determine the legitimacy and extract IOCs when possible

Conducting forensic examinations on physical devices and performing analyses on live and collected memory

Create and refine detection and incident response playbooks

Collaborate with internal and customer teams to investigate and contain incidents

Produce high-quality written reports, presentations, and recommendations, to key stakeholders including customer leadership, and legal counsel

Establishing a collaborative environment for sharing data on machine timelines and suspicious events

Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence

Qualification

Incident ResponseDigital ForensicsMalware AnalysisEDR SystemsCloud ForensicsNetwork ForensicsMemory ForensicsDisk ForensicsScriptingCustomer Relationship ManagementOperational MetricsKPI DevelopmentService Level ObjectivesSecurity ArchitectureSoftware DeploymentCollection ToolsCertificationsProject ManagementCommunication SkillsCollaborationDocumentation SkillsTechnical Reporting

Required

4+ years' experience working with incident investigations and containment procedures

4+ years' experience with network, disk, memory, and cloud forensics

Minimum 1 year of experience leading Incident Response investigations and performing the following: network/log forensics, malware analysis, disk forensics, and memory forensics

Excellent time and project management skills with strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely

Skilled in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration to achieve shared objectives

Experienced deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS System Manager, Azure Automation, Ansible, Puppet, JAMF, and scripts

Experienced with the following: EDRs such as CrowdStrike Falcon, SentinelOne, MDE, Leading projects and debriefing customers, Creating and modification of scripts, Enterprise security architecture and security controls, Cloud incidents and forensic responses, Malware triage analysis and disk or memory forensics for Windows, macOS, or Linux, Software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, CPO, and AWS System Manager