Full-Time Senior DFIR & Threat Hunting Researcher

CyberArk, the global leader in Identity Security, is seeking a skilled and passionate Senior DFIR & Threat Hunting Researcher to join its Global Information Security Team.

In this role, you will conduct digital forensics and threat-hunting activities across CyberArk's global network, endpoints, and cloud environments.

Responsibilities:

1. Digital Forensics and Incident Response (DFIR):
   • Perform digital forensics analysis on various types of evidence, such as disk, memory, network, and cloud artifacts (AWS – advantage).
   • Support incident response efforts by providing technical expertise, containment, eradication, and recovery guidance.
   • Maintain and operate forensic tools and platforms, ensuring they are up-to-date and reliable.
   • Document and report on forensic findings and recommendations, following established procedures and standards.
2. Threat Hunting:
   • Proactively hunt for malicious activity and indicators of compromise across CyberArk's network, endpoints, and cloud environments using various data sources and analytical techniques.
   • Develop and refine custom threat-hunting hypotheses, queries, and dashboards based on the latest threat intelligence and trends.
   • Collaborate with the SOC team to validate, escalate, and respond to identified threats.
3. Research and Development:
   • Research emerging threats, attack vectors, threat actors, ATPs, security technologies, and CyberArk products and share insights and best practices with the team and the broader security community.
   • Develop and improve tools, scripts, correlation alerts, and automation to enhance the SOC team's DFIR and threat-hunting capabilities.

Requirements:

• Proven experience in digital forensics and incident response (5+ years), preferably in a tech company or a security consulting firm.
• Hands-on experience with industry-standard forensic tools and platforms.
• Hands-on experience with threat hunting tools, query languages, and platforms (e.g., ELK, Splunk, QRadar, KQL, SQL).
• Strong knowledge of network protocols, operating systems, malware analysis, and cloud security.
• Ability to automate tasks using scripting languages (e.g., Python & JS).
• Excellent communication and interpersonal skills.
• Excellent English proficiency (written and verbal).
• Curious and creative mindset, with a passion for learning and solving complex problems.
• Ability to work independently and collaboratively in a fast-paced, dynamic environment with a multi-region team.

Compensation: $152,000 - $210,000/year, plus commissions or discretionary bonus (performance-based). Base pay may vary depending on job-related knowledge, skills, and experience. Comprehensive benefits package available.

What is the last date for applying to the job?

Which countries are accepted for this remote job?