IR-AVP/VP

Job Description :

• Conduct analysis of artifacts and compromised systems to determine intrusion methods, remediate to a clean state, and drive security improvements.
• Investigate potential cybersecurity events across multiple environments using various tools and techniques, including reviewing internal logs and alerts to identify and triage cases, escalating when necessary.
• Analyze security data in real-time to detect and thwart potential threats, attacks, and other violations, while performing breach indicator assessments to investigate network traffic for malicious activity.
• Assist with internal or third-party employee investigations and support the production of reports analyzing relevant threats to the enterprise.
• Research evolving threats, techniques, tools, and vulnerabilities to support information security efforts and stay current with industry trends and security practices.
• Support compliance inquiries from IT risk management and auditors, ensuring documentation is complete and processes comply with information security policies.
• Contribute to the development of security operations detections, playbooks, and automations to ensure threat detection, monitoring, response, and forensics activities align with best practices and provide comprehensive threat mitigation.
• Participate in Table-top exercises and attack simulation exercises organized by internal and external stakeholders.

• Strong knowledge and experience in Incident Response including security event triage, investigation, containment, recovery and the overall incident response process.
• Proficient in operating systems (Linux, Windows), network security, application security and mobile device security.
• Experience with security data collection, analysis, correlation, and risk analysis using logs and various data sources.
• Well-developed analytical, qualitative, and quantitative reasoning skills, with demonstrated creative problem-solving abilities.
• Understanding of offensive security, common attack methods, and the ability to pivot across multiple datasets to correlate artifacts for a single security event.
• Diverse skill base in product and information security, including system development, maintenance procedures, and security controls.
• Detailed knowledge of security and regulatory frameworks (ISO 27001, NIST 800 series, etc.) and enterprise detection and response technologies (advanced threat detection tools, intrusion detection/prevention systems, etc.).
• Experience with tools like CrowdStrike, Microsoft Defender, Tanium, Proofpoint, and open-source incident response and forensic tools.
• Ability to document and explain technical details concisely and understandably.
• Strong time management skills to balance multiple activities and lead junior analysts as needed.
• Fundamental understanding of enterprise cybersecurity frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Qualifications
• Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related discipline
• 8 + years of experience working in the Cybersecurity Operations or Information Security
• Relevant technical and industry certifications, such as GCFA, GCFE, GCIH, GCIA, CISSP, ISSMP, CISM, CEH, or GSEC are preferred
• Experience in Security Operation Center, Incident Response and Computer Forensics preferred