Cybereason gives organizations the upper hand by taking an entirely new approach to cybersecurity with AI Hunting, the first AI-powered technology that answers the question “Am I under attack?” proactively, without manual effort.
We are a company that wins as one. We are daring, always evolving, and never give up. Most importantly we accept our employee for who they are and embrace people that may not fit the typical mold #UBU.
The Cybereason Incident Response Team is hiring talented and motivated investigators eager to participate in the delivery and development of our advanced suite of high-end response tools and services. Focusing as much on building and developing innovative and industry leading capabilities as on the investigative and strategic engagement of threat actors, this is a role for those who are passionate about pushing the industry forward and raising the bar for Incident Response. The Senior Incident Response Engineer reports to the Incident Response Manager, Americas.
What you will do:
- Lead and assist with every stage of Incident Response lifecycle, including: scoping, analysis, remediation, reporting, and tactical communications.
- Conduct log analysis, host forensics, network forensics, and malware triage in support of ongoing Incident Response investigations using Cybereason’s advanced response tooling.
- Utilize Cybereason’s proprietary IR technology to conduct large-scale investigations across both the EDR and Digital Forensic evidence landscape.
- Contribute technical content such as playbooks, scripts, and automation tooling to enhance IR processes, investigation workflows, and IR infrastructure.
- Conduct research into forensic artifacts, behavioural analysis and threat hunting techniques and implement them in the Cybereason IR investigations platform.
- Develop detection and correlation content within the Cybereason IR investigation platform and EDR.
- Mentor and advise Junior analysts.
- Have the freedom to develop and work on ideas you believe will benefit the Cybereason IR team.
- Bachelor's degree in a technical field, or equivalent practical experience
- Minimum 8 years of Incident Response or comparable industry experience (threat hunting, threat detection and response, malware analysis, etc)
- Knowledge and experience of:
- at least one scripting or development language (such as Python)
- Investigations of at least one major OS family (Windows, Mac OS, *nix)
- ...and all of the following:
- Digital forensics (disk and memory collection & analysis)
- Network Security Monitoring (NSM), network traffic analysis, and log analysis
- Static and dynamic malware analysis
- Threat Hunting with EDR
- Data Analysis with Jupyter, Pandas, etc
- Threat Intelligence and adversary tracking
- Experience writing security oriented Python tooling.
- Ability to successfully interface with clients (internal and external).
- Ability to document and explain technical details in a concise, understandable manner.
- Ability to manage and balance own time among multiple tasks.
- Experience with the Golang programming language.