Lead Incident Response Consultant

CyberArk is seeking a highly skilled security professional who can go beyond traditional incident response: deliver end-to-end incident resolution guide crisis management efforts and uncover stealthy adversaries through threat hunting and forensic analysis. As a hands-on technical expert you will work shoulder-to-shoulder with customers transforming chaos into clarity while safeguarding some of the worlds most critical infrastructures.  

As part of our incident response team youll do more than react to cyberattacks youll lead the charge in stopping attackers cold. You must triage existing threats identified by customers and identify possible new threats unknown to the client in large environments that range from simple to sophisticated. Discovery is conducted using existing and cutting-edge tools either within the customers existing environment or through newly deployed solutions. 

Responsibilities: 

• Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time. 
• Develop Incident Response initiatives that improve our ability to effectively respond to and remediate security incidents. 
• Communicate findings and strategies to technical staff executive leadership legal counsel and internal and external customers. 
• Create and present technical reports and timelines to customers. 
• Trace malware activity and patterns and understanding how to remove malware non-destructively. 
• Recognize attacker Tactics Techniques and Procedures (TTPs) and Indicators of Compromise (IOC) and apply to future incident response events. 
• Reverse binary files to determine the legitimacy and extract IOCs when possible. 
• Conduct forensic examinations on physical devices and perform analyses on live and collected memory. 
• Create and refine detection and incident response playbooks. 
• Collaborate with internal teams influence tool development and direct which tools are used to investigate and contain incidents. 
• Produce high-quality written reports presentations and recommendations for key stakeholders including customer leadership and legal counsel. 
• Establish a collaborative environment for sharing data on machine timelines and suspicious events. 
• Create operational metrics key performance indicators (KPIs) and service level objectives to measure team competence. 

#LI-CB1 

Qualifications :

• 4 years experience working with incident investigations utilizing EDRs SIEMs and containment procedures. 
• 4 years experience with network disk memory and cloud forensics. 
• Minimum 1 year of experience leading Incident Response investigations and performing: network/log forensics malware analysis disk forensics and memory forensics. 
• Excellent time and project management skills with strong written and verbal communication abilities capable of creating clear documentation and conveying complex technical concepts concisely. 
• Skill in building and maintaining effective relationships with customers managing expectations and ensuring seamless collaboration to achieve shared objectives. 
• Experience in deploying software within customer environments using tools such as Intune SCCM GPO AWS System Manager Azure Automation Ansible Puppet JAMF and scripts. 

Experience with the following: 

• EDRs such as CrowdStrike Falcon SentinelOne MDE 
• Leading projects and debriefing customers 
• Creating and modifying scripts 
• Enterprise security architecture and security controls. 
• Malware triage analysis and disk or memory forensics for Windows macOS or Linux 
• Software deployment tools like Intune JAMF Ansible Puppet SCCM CPO and AWS System Manager. 

Preferred experience: 

• Familiarity with collection tools like Splunk Kibana or the ELK Stack. 
• Experience conducting forensic triage and analysis across cloud environments: Azure AWS and GCP logs etc. 

Preferred certifications:  

• GCIH GX-FA GNFA GREM GCIA CREST CPIA CREST CFIA CFCE CEH etc. 

Additional Information :

We are proud to foster a diverse and inclusive workplace where every individuals unique background perspective and contribution is celebrated. We believe that by embracing diversity we drive innovation and create a stronger more united team. Inclusion is at the heart of who we are and how we succeed. All qualified applicants will receive consideration for employment without regard to race colour age religion sex sexual orientation gender identity or disability. Upon conditional offer of employment candidates are required to complete a comprehensive background check as per our internal policy.

CyberArk is an equal opportunities employer. If you would like any special arrangements made for your interview please inform the EMEA Talent Acquisition team upon your application so that we may take steps to accommodate your needs.

Remote Work :

No

Employment Type :

Full-time