Associate Principal, Response Operations, Cyber Risk

United States

Applications have closed

Kroll

As the leading independent provider of risk and financial advisory solutions, Kroll leverages our unique insights, data and technology to help clients stay ahead of complex demands. Click for more details.

View all jobs at Kroll

Clients count on us for quick and expert support in the event of and in preparation against a cyber incident; from incident response to risk assessments, and complex forensics to breach notification and ID theft remediation we help clients – of all sizes – respond with confidence.

At Kroll, your work will help deliver clarity to our clients’ most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll. 

This position is remote. Candidates with the ability to work 9:00 to 17:00 PST are preferred.

Day-to-day Responsibilities:

We are looking for bright, motivated, and inquisitive minds to join our Kroll Responder 24x7 monitoring and response team who are experienced in and passionate about modern cyber threat hunting and active response.  Our Senior Associates use leading endpoint detection and response tools to rapidly identify, investigate, and respond to threats and threat actors impacting systems and networks around the globe every day.

  • Perform ongoing threat hunting, analysis, containment, and remediation of threats identified through advanced endpoint detection and response (EDR), endpoint prevention (EPP), SIEM, and related security tools.
  • Collect and review relevant forensic artifacts to identify root cause and understand nature of threats.
  • Develop and communicate written and verbal threat reports associated with events to customers.
  • Assist in ongoing research, development, and testing of enhanced threat detection and response tools, techniques, and indicators.
  • Support incident engagement teams with active intrusion detection and response tasks.
  • Conduct threat research, forensic analysis, and basic malware analysis of threats.
  • Actively participate in related client meetings and teleconferences.
  • Assist clients with questions regarding threat detections, EDR tools, deployment, and maintenance.

Essential Traits:

  • Bachelor’s degree or higher in Computer Science, Cyber Security, Computer Engineering, or similar technical degree.
  • Minimum 3 years’ experience in threat hunting, detection, and response or equivalent experience.
  • Ability to respond rapidly, multi-task, and communicate effectively both verbally and in writing with customers, team members, and engagement managers.
  • Highly motivated, tenacious, assertive problem solver with a desire to analyze root cause and reach effective conclusions to active intrusions and incidents on an ongoing basis both individually and as part of larger response teams.
  • Solid understanding of Windows operating system fundamentals, architecture (File System, registry, processes, binaries, DLL’s, etc.) and administration concepts.  Similar understanding of MacOS and/or Linux a plus.
  • Prior experience actively using endpoint threat detection and response (EDR) products to investigate threats such as Sentinel One, Crowdstrike Falcon, VMWare Carbon Black, Windows Defender ATP, Cortex XDR, Trend Micro XDR, or others.
  • Understanding of common threat actor techniques, malware behavior and persistence mechanisms.
  • Working knowledge of various scripting languages and tools (PowerShell, Python, VB, Yara)
  • Working knowledge of TCP/IP and related networking concepts.
  • Prior experience using Splunk or other SIEM solutions, intrusion detection solutions, or related security products.
  • Relevant cyber security certifications including CISSP, GCIA, GCIH, GCFA, GMON, or GREM a plus.
  • Excellent written and verbal communication skills
  • Availability for occasional after-hours, weekends, and/or holiday work in response to active incidents.

About Kroll

Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.. 

Kroll is committed to creating an inclusive work environment. We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.

The current salary range for this position is $90,000 - $200,000.

In order to be considered for a position, you must formally apply via careers.kroll.com. 

#LI-Remote

#LI-CN1

Job stats:  8  2  0

Tags: Carbon Black CISSP Computer Science CrowdStrike EDR Forensics GCFA GCIA GCIH Governance GREM Incident response Intrusion detection Linux MacOS Malware Monitoring PowerShell Python Risk assessment Scripting Sentinel SIEM Splunk TCP/IP Threat detection Threat Research VMware Windows XDR

Perks/benefits: Career development Team events

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.