The position includes multiple challenging aspects, such as creation of detection analyses, attack scenarios research, team capabilities developments, client interactions, and in-depth investigation, which include host forensics work in both Windows and Linux systems, and cloud environments (e.g., AWS, GCP and Azure).
Main Responsibilities
Perform Post-Breach monitoring activities in global clients environment including in-depth triage of alerts and host forensics analysis.
Develop out-of-the-box and tailor-made analyses and detection to monitor the clients environment, often based on known threat actor tactics, techniques and procedures. This work may include research activities to support the detection development.
Support major Incident Response engagements with accurate detection after a potential active threat actor in the clients network.
Work on maintaining the necessary visibility and log forwarding for the ongoing monitoring engagements, including host-based data, Cloud environments, network devices, etc.
Apply proactive threat hunting approach in ongoing monitoring engagements, including forensic host and network-based analysis, malware hunt and wide IOC searches.
Develop capabilities and automations for alerts handling, triage and escalation, visibility maintenance, reporting, and more.
Onboard new customers by assessing their security posture, tailoring monitoring systems to their environment, and integrating their security frameworks into our services.
Often work alongside global clients security personnel when providing regular updates and following-up on alerts and security events.
Generate and provide reports and metrics on actionable data: incidents, weekly aggregation/trending, follow up procedures, visibility status, etc.
3-5 years of a relevant experience in the cyber security field from military service and/or industry in cyber defense roles.
Strong analytical thinking, problem-solving mindset and independency.
Independent, bright and positive analyst, who strive for excellency, and able to succeed in a dynamic environment.
Basic understanding of the life cycle of advanced security threats, attack vectors and methods of exploitation.
Hands-on experience working with SIEM technologies. (e.g. Splunk, QRadar, ArcSight, Exabeam, etc.)
Good familiarity of common data and log sources for monitoring, detection and analysis (e.g., Event Logs, Firewall, EDR).
Strong technical understanding of network fundamentals, common Internet protocols and system and security controls.
Familiarity of system and security controls, including basic knowledge of host-based forensics and OS artifacts.
Proficient knowledge and experience with scripting (e.g., Python).
Familiarity with cloud infrastructure, web application and servers advantage.
Fluent English (written, spoken) a must.
Proven expertise in engaging with clients through effective communication and interpersonal skills.
Willingness to work off hours as required, with a potential traveling to clients
