DFIR Expert
Ra'anana, Center District, IL
Cyberbit
Cyberbit provides the world-leading cyber range, delivering hyper-realistic cyberattack simulations that maximize the skills of information security teams and students.
Description
Our mission at Cyberbit is to develop cutting-edge cyber simulations by mimicking real-world threat groups, investigating their attack patterns, and translating that information into practical cyber exercises.
We utilize commercial-grade security tools to train cyber professionals in industry-standard detection, response, and attack mitigation techniques. Our clients include Fortune 500 companies, universities, governments, and militaries worldwide.
The ideal candidate will possess comprehensive analytical abilities and an understanding of cyber security attack vectors, vulnerabilities, and exploits, and will be well-versed in identifying and mitigating common network security threats. We are looking for a candidate with a proven track record of working with security analysis technologies (e.g. SIEM, FW, AV, IPS, EDR) and a deep understanding of relevant procedures, policies, and industry investigational best practices.
Responsibilities:
- Design and investigate cyber-attack scenarios for training and simulation purposes by reproducing malicious attack campaigns, mitigations, and investigation flows.
- Develop investigation methodologies based on industry best practices to counter new cyber threats and techniques.
- Conduct research and analysis on Tactics, Techniques, and Procedures (TTPs) employed by malicious actors in order to educate and train users on defense against live attacks.
- Work collaboratively with a diverse team of experts including offensive security researchers, software developers, security analysts, security experts, DevOps, and technical writers to achieve project goals.
Requirements
- At least 2 years of professional experience in the Incident Response field - Must.
- Experience in one or more of the following areas: Digital Forensics (including Malware Analysis), Memory/Host/Network Forensics, Incident Response, Cloud Security - Must.
- Knowledge of Windows and Linux internals - Must.
- Proven experience in writing technical security reports, mainly incident response or forensic reports - Must.
- Outstanding English language proficiency, both verbal and written - Must.
- A team player.
- Extensive experience triaging and responding to incidents using CrowdStrike, Carbon Black or Microsoft Defender.
- Experience working with Splunk SIEM, QRadar or Microsoft Sentinel for incident response purposes.
- Hands-on experience with cloud platforms such as Microsoft Azure, Amazon Web Services (AWS) or Google Cloud Platform (GCP) - Advantage.
- Experience with scripting languages such as Python, PowerShell, or Bash - Advantage.
- Hands-on experience analysing malware (through static and dynamic means) - Advantage.
- Experience in training and teaching others in the field of cybersecurity - Advantage.
- Any GIAC certification - Advantage.
You will love working with us
- We were ranked as the #16 best place to work in Israel out of all tech companies, and #25 out of ALL companies in Israel in 2022!
- We’re well funded, and have raised $100M so far
- We provide growth opportunities – some of our best managers have grown in the organization
- We love a good party, so you can expect themed happy hours, holiday toasts, parties, and water fights
- And no – we won’t throw massive dance parties with top international DJs, but we’ll know each and every one of you by name, and whenever there’s a personal reason to celebrate, or when something went wrong, we’ll be there for you.
Tags: AWS Azure Bash Carbon Black Cloud CrowdStrike DevOps DFIR EDR Exploits Forensics GCP GIAC Incident response IPS Linux Malware Network security Offensive security PowerShell Python QRadar Scripting Security analysis Sentinel SIEM Splunk Teaching TTPs Vulnerabilities Windows
Perks/benefits: Career development Team events