Senior Cyber Security Consultant
Full Job Description
***Must have a Security Clearance - Secret preferred***
In this role, you will:
• Take a lead role in client investigation and response engagements, influencing the response strategy with stakeholders from technical to senior management
• Report and present detailed results and recommendations to both technical and non-technical stakeholders
• Work in partnership with the client Cybersecurity sales teams, demonstrating the capacity and ability of the forensics business to potential clients
• Collect and investigate data from a wide range of systems and software to understand the attacker activity and produce a containment strategy
• Engage in skills transfer both internally and, when required, with customers
• Work to respond in real time to advanced attackers in complicated and fluid environments
• Work with an enthusiastic and expert team to contribute to keeping the methodology at the cutting edge
• Collaborate with the other cyber security teams to add value to the company suite of service offerings
Ideally, you will have:
• Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operating Systems: Windows, Mac and Linux
• Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
• Knowledge of and the ability to use popular EDR technologies during DFIR engagements
• Experience analyzing a myriad of system and network logs using Splunk and/or ELK
• Experience responding to APT style targeted attacks, with a good understanding of operational security concepts during live breaches
• Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
• Ability to analyze PCAP data
• Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
• Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
• Experience performing memory analysis as part of an incident response engagement
• Ability to be client facing by interacting with our clients and their executive leadership
• Creative problem-solving self-starter with an analytic and qualitative eye for reasoning
• Ability to work with a remote team via collaboration tools
• Strong documentation skills, ability to write executive and technical DFIR reports
Useful but not essential:
• DFIR experience, including incident management
• Proficient in either Python or PowerShell
• Experience with analysis of VBS and other WSH languages as well as web languages such as PHP and JS
• Incident response certifications such as those offered by SANS/CREST/GIAC
• Experience creating dashboards, writing Logstash filters, and Lucene queries
• Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
• Any languages in addition to English
OnX Canada