DFIR Lead

Tasks

• Collect forensic artifacts and perform offline investigation
• Conduct live endpoint investigations
• Coordinate with third parties for incident response and remediation
• Develop KPI reporting for senior management
• Develop and document incident response methods and runbooks
• Develop and revise incident response policies and procedures
• Escalate incidents to business units
• Implement incident response ticketing system
• Lead incident response and post breach remediation
• Maintain CERT machine investigation lifecycle
• Participate in 24x7 incident service delivery
• Perform initial analysis and IOC identification
• Produce technical reports for clients
• Provide incident response mentoring and training
• Report incident response security metrics
• Support SOC transition and process build out
• Troubleshoot network traffic and perform packet capture analysis

Perks/Benefits

• 100 percent telecommuting
• 24x7 service delivery coverage

Skills/Tech-stack

Cause analysis | Cloud Forensics | Cybersecurity Framework | Detection and Response | Digital forensics | EDR | EDR deployment | Endpoint Detection and Response | Endpoint Forensics | Endpoint Remediation | Endpoint detection | Firewall | Forensic Investigation | Forensic Tools | IOC identification | Incident Response | Incident ticketing | NIST Cybersecurity | NIST Cybersecurity Framework | Network Security | Operating Systems | Packet Capture | Penetration Testing | Root Cause Analysis | Root cause | SIEM | Security metrics | Security policies | Tabletop Exercises | Threat hunting | Traffic analysis | VPN | Virtualization