Full-Time Incident Response Senior Consultant
CyberArk is hiring a remote full-time Incident Response Senior Consultant. The career level listed for this opening is Senior Manager, and it accepts Newton, Massachusetts based applicants working remotely. Read the complete job description before applying.
CyberArk
Job Details
CyberArk is seeking a highly skilled Incident Response Senior Consultant to join our team.
In this role, you will be a hands-on technical leader who navigates complex technical incidents, forensic analysis, threat hunting, and malware analysis. You will help customers resolve security incidents rapidly and effectively at scale, providing comprehensive incident response that covers investigation, containment, and crisis management.
Responsibilities:
- Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time.
- Develop Incident Response initiatives to improve response and remediation of security incidents.
- Trace malware activity and patterns, and understand how to remove malware non-destructively.
- Recognize attacker Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs), and apply them to future incident response events.
- Analyze binary files to determine legitimacy and extract IOCs when possible.
- Conduct forensic examinations on physical devices and perform analyses on live and collected memory.
- Create and refine detection and incident response playbooks.
- Collaborate with internal and customer teams to investigate and contain incidents.
- Produce high-quality written reports, presentations, and recommendations to key stakeholders, including customer leadership and legal counsel.
- Establish a collaborative environment for sharing data on machine timelines and suspicious events.
- Create operational metrics, KPIs, and service level objectives to measure team competence.
Experience Requirements:
- 14+ years working with incident investigations and containment procedures.
- 4+ years of experience with network, disk, memory, and cloud forensics.
- 1+ year leading Incident Response investigations, including network/log forensics, malware analysis, disk forensics, and memory forensics.
Skills:
- Excellent time and project management skills.
- Strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely.
- Skilled in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration.
- Experienced deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS Systems Manager, Azure Automation, Ansible, Puppet, Jamf, and scripts.
- Experienced with EDRs such as CrowdStrike Falcon, SentinelOne, and Microsoft Defender for Endpoint (MDE).
- Leading projects and debriefing customers.
- Creating and modifying scripts.
- Enterprise security architecture and security controls.
- Cloud incidents and forensic responses.
- Malware triage analysis and disk or memory forensics for Windows, macOS, or Linux.
- Software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, GPO, and AWS Systems Manager.
Preferred Experience:
- Log collection and search tools such as Splunk, Kibana, or the ELK Stack.
Preferred Certifications:
- GCIH, GCFA, GNFA, GREM, GCIA, CREST CPIA, CREST CFIA, CFCE, CEH, etc.
Compensation: $200,000 – $275,000/year, plus commissions or discretionary bonus, based on performance. Base pay may vary based on job-related knowledge, skills, and experience.
Benefits: Medical, dental, vision, financial, and other benefits.
Equal Opportunity Employer
Visa Sponsorship Not Available