Incident Response Senior Consultant

Job Location

Newton, MA - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

CyberArk is seeking a highly skilled Incident Response Senior Consultant to join our team. In this role, you will be a hands-on technical leader and navigate complex technical incidents, forensics analysis, threat hunting, and malware analysis. You will assist customers in rapidly and effectively resolving security incidents at scale, providing comprehensive incident response, including investigation, containment, and crisis management.

Responsibilities:

  • Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real time.
  • Develop Incident Response initiatives that improve our ability to respond and remediate security incidents effectively.
  • Tracing malware activity and patterns and understanding how to remove malware non-destructively.
  • Recognize attacker Tools, Tactics, and Procedures (TTP) and Indicators of Compromise (IOC) and apply to future incident response events.
  • Analyze binary files to determine the legitimacy and extract IOCs when possible.
  • Conducting forensic examinations on physical devices and performing analyses on live and collected memory.
  • Create and refine detection and incident response playbooks.
  • Collaborate with internal and customer teams to investigate and contain incidents.
  • Produce high-quality written reports, presentations, and recommendations to key stakeholders, including customer leadership and legal counsel.
  • Establishing a collaborative environment for sharing data on machine timelines and suspicious events.
  • Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence.


Qualifications:

  • 4 years of experience working with incident investigations and containment procedures.
  • 4 years of experience with network, disk, memory, and cloud forensics.
  • Minimum 1 year of experience leading Incident Response investigations and performing the following: network/log forensics, malware analysis, disk forensics, and memory forensics.
  • Excellent time and project management skills with strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely.
  • Skilled in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration to achieve shared objectives.
  • Experienced deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS System Manager, Azure Automation, Ansible, Puppet, JAMF, and scripts.
  • Experienced with the following:
    • EDRs such as CrowdStrike Falcon, SentinelOne, MDE
    • Leading projects and debriefing customers
    • Creation and modification of scripts
    • Enterprise security architecture and security controls.
    • Cloud incidents and forensic responses.
    • Malware triage analysis and disk or memory forensics for Windows, macOS, or Linux
    • Software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, GPO, and AWS System Manager.
  • Preferred experience:
    • Familiarity with collection tools such as Splunk, Kibana, or the ELK Stack.
  • Preferred certifications: GCIH, GXFA, GNFA, GREM, GCIA, CREST CPIA, CREST CFIA, CFCE, CEH, etc.


Additional Information:

CyberArk is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

We are unable to sponsor or take over sponsorship of an employment visa at this time.

The salary range for this position is $200,000 - $275,000/year, plus commissions or discretionary bonus, which will be based on the employee's performance. Base pay may also vary considerably depending on job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits.
 


Remote Work:

Yes


Employment Type:

Full-time
