Kroll · 21 hours ago
Associate Principal, Response Operations, Cyber Risk L4
Maximize your interview chances
AccountingConsulting
H1B Sponsor Likely
Insider Connection @Kroll
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Perform ongoing threat hunting, analysis, containment, and remediation of threats identified through advanced endpoint detection and response (EDR), endpoint prevention (EPP), SIEM, and related security tools.
Collect and review relevant forensic artifacts to identify root cause and understand nature of threats.
Develop and communicate written and verbal threat reports associated with events to customers.
Assist in ongoing research, development, and testing of enhanced threat detection and response tools, techniques, and indicators.
Support incident engagement teams with active intrusion detection and response tasks.
Conduct threat research, forensic analysis, and basic malware analysis of threats.
Actively participate in related client meetings and teleconferences.
Assist clients with questions regarding threat detections, EDR tools, deployment, and maintenance.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Bachelor’s degree or higher in Computer Science, Cyber Security, Computer Engineering, or similar technical degree.
Minimum 3 years’ experience in threat hunting, detection, and response or equivalent experience.
Ability to respond rapidly, multi-task, and communicate effectively both verbally and in writing with customers, team members, and engagement managers.
Highly motivated, tenacious, assertive problem solver with a desire to analyze root cause and reach effective conclusions to active intrusions and incidents on an ongoing basis both individually and as part of larger response teams.
Solid understanding of Windows operating system fundamentals, architecture (File System, registry, processes, binaries, DLL’s, etc.) and administration concepts.
Prior experience actively using endpoint threat detection and response (EDR) products to investigate threats such as Sentinel One, Crowdstrike Falcon, VMWare Carbon Black, Windows Defender ATP, Cortex XDR, Trend Micro XDR, or others.
Understanding of common threat actor techniques, malware behavior and persistence mechanisms.
Working knowledge of various scripting languages and tools (PowerShell, Python, VB, Yara)
Working knowledge of TCP/IP and related networking concepts.
Prior experience using Splunk or other SIEM solutions, intrusion detection solutions, or related security products.
Excellent written and verbal communication skills.
Availability for occasional after-hours, weekends, and/or holiday work in response to active incidents.
Preferred
Relevant cyber security certifications including CISSP, GCIA, GCIH, GCFA, GMON, or GREM a plus.
Similar understanding of MacOS and/or Linux a plus.
Company
Kroll
Kroll is a provider of risk solutions that helps clients make confident risk management decisions.
H1B Sponsorship
Kroll has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (9)
2022 (16)
2021 (19)
2020 (11)
Funding
Current Stage
Late StageTotal Funding
unknown2023-12-13Acquired
Leadership Team
Recent News
Private Equity News
2024-11-30
prnewswire.co.uk
2024-11-26
2024-05-28
Company data provided by crunchbase