
River

Associate - SOC

  • Posted 12 days ago

Job Description

About River

River is an electric vehicle company building multi-utility scooters. At River, we're building scooters of tomorrow for the ambitious youth of today. Because we believe people only need two things to achieve success: the desire to make it to the top, and the means to get there.

Our flagship product, River Indie, the "SUV of Scooters", is designed to help you get things done and engineered to be a dependable ally on your road to success. We are backed by marquee international investors: mobility-focused funds backed by Yamaha Motors, Al-Futtaim Automotive Group, Toyota VC and Maniv Mobility.

Key Responsibilities

  • Monitor both SIEM dashboards and the CrowdStrike Falcon console to detect potential security incidents, distinguishing normal network noise from genuine threats.
  • Use CrowdStrike's Process Execution Trees to trace the root cause of alerts, analyzing parent/child process relationships (e.g., why did Excel spawn PowerShell?) to identify malicious behavior.
  • Apply CCNA-level knowledge of the OSI Model and TCP/IP to correlate endpoint alerts with network logs, verifying whether compromised hosts are communicating with Command & Control (C2) servers.
  • Move beyond simple signature matching by using Indicators of Attack (IOAs) to spot Living off the Land attacks (fileless malware) and map them to the MITRE ATT&CK framework.
  • Act as the first responder for security alerts, classifying incidents by severity and following the NIST Incident Response Lifecycle (Detection & Analysis) to escalate verified threats.
  • Assist in cross-referencing CVEs with CrowdStrike Spotlight data, applying CEH knowledge to understand how attackers might exploit unpatched vulnerabilities in the wild.
  • Analyze network packet headers (understanding the TCP 3-Way Handshake and flags) to identify anomalies such as SYN floods or port scanning.
  • Document investigation findings clearly in ticketing systems, detailing the Who, What, When, and How of the incident for senior analysts.
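The parent/child analysis described in the responsibilities above (an Office application spawning a script interpreter) is the kind of check an analyst can reproduce in a few lines before a ticket is written. The following is an added illustration, not code from River or from CrowdStrike: it rebuilds a process tree from constructed endpoint events, flags interpreters whose ancestry includes an Office application, raises severity on command-line traits typical of fileless tradecraft, and labels each finding with the matching MITRE ATT&CK technique. The event field names, the sample events and the Base64 fragment are all assumptions made for the example.

```python
"""Detect Office applications spawning script interpreters from process events.

Added example for the SOC responsibilities above; not part of the original
posting and not CrowdStrike's own logic. Field names and sample events are
constructed for illustration.
"""
from dataclasses import dataclass

# Office parents that should rarely, if ever, launch an interpreter.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line traits that raise confidence (substring match, lower-cased).
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "downloadstring", "iex ", "bypass", "-w hidden")

# MITRE ATT&CK sub-techniques for the interpreters we care most about;
# anything else falls back to the parent technique T1059.
ATTACK_IDS = {"powershell.exe": "T1059.001", "pwsh.exe": "T1059.001", "cmd.exe": "T1059.003"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    user: str


@dataclass
class Finding:
    pid: int
    chain: list      # image names from the root ancestor down to the flagged process
    severity: str    # "high" when suspicious arguments are present, else "medium"
    attack_id: str
    reason: str


def build_index(events):
    """Map pid -> event so parents can be looked up in O(1)."""
    return {e.pid: e for e in events}


def ancestry(index, pid):
    """Walk ppid links upward; stop on a missing parent or a pid cycle."""
    chain, seen = [], set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur.image.lower())
        cur = index.get(cur.ppid)
    return list(reversed(chain))


def evaluate(events):
    """Return a Finding for every interpreter with an Office ancestor."""
    index = build_index(events)
    findings = []
    for e in events:
        img = e.image.lower()
        if img not in INTERPRETERS:
            continue
        chain = ancestry(index, e.pid)
        office_parents = [a for a in chain[:-1] if a in OFFICE_APPS]
        if not office_parents:
            continue  # interpreter launched by explorer, a service, etc.: normal noise
        hits = [t for t in SUSPICIOUS_ARGS if t in e.cmdline.lower()]
        severity = "high" if hits else "medium"
        reason = f"{office_parents[-1]} spawned {img}"
        if hits:
            reason += " with suspicious arguments: " + ", ".join(hits)
        findings.append(Finding(e.pid, chain, severity, ATTACK_IDS.get(img, "T1059"), reason))
    return findings


# Constructed sample events: one macro-style chain, one benign cmd from explorer,
# one Outlook-spawned cmd without suspicious arguments.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe", "CORP\\asingh"),
    ProcEvent(200, 100, "EXCEL.EXE", "EXCEL.EXE Q3_invoice.xlsm", "CORP\\asingh"),
    ProcEvent(300, 200, "powershell.exe", "powershell.exe -w hidden -enc QQBCAEMA", "CORP\\asingh"),
    ProcEvent(400, 100, "cmd.exe", "cmd.exe", "CORP\\asingh"),
    ProcEvent(500, 100, "OUTLOOK.EXE", "OUTLOOK.EXE", "CORP\\asingh"),
    ProcEvent(600, 500, "cmd.exe", "cmd.exe /c echo hello", "CORP\\asingh"),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f.severity.upper()}] pid={f.pid} {f.attack_id}: {f.reason}")
        print("    chain: " + " -> ".join(f.chain))
```

Running the block prints two findings: a high-severity one for the Excel-to-PowerShell chain (hidden window plus encoded command) and a medium-severity one for Outlook launching cmd.exe; the cmd.exe started directly from explorer.exe is ignored. The `chain` field gives the "How" for the ticket, and the `user` field on the event gives the "Who"; in a real pipeline the events would come from EDR telemetry rather than a hard-coded list.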

Ideal Candidate

  • B.E. / B.Tech / M.Tech in Information Technology, Computer Science, or Cybersecurity.
  • Mandatory: CCNA (Strong Network Foundation) & CompTIA Security+ (Security Core)
  • Fresher with active CEH (Certified Ethical Hacker) or CrowdStrike Certified Falcon Administrator (CCFA)
  • Conceptual understanding of EDR (Endpoint Detection & Response) vs. Legacy Antivirus, and the benefits of cloud-native, lightweight agents
  • Deep understanding of Stateful vs. Stateless Firewalls, DMZ concepts, and packet filtering logic
  • Strong familiarity with the Cyber Kill Chain, SQL Injection, XSS, and Phishing vectors
  • Ability to explain the difference between IOCs (hashes, IPs) and IOAs (behaviors), and how to use Real Time Response (RTR) concepts
  • Basic understanding of Symmetric/Asymmetric encryption, Hashing (SHA/MD5), and PKI
  • Willingness to work in rotational 24/7 shifts (including nights, weekends, and holidays) to support a continuous monitoring Security Operations Center environment
  • Strong analytical thinking, ability to follow the breadcrumbs during an investigation, and concise communication skills for incident reporting


Job ID: 145353361
