Incident Response Specialist

Remote
Awake Security Labs
Full-time

Awake’s mission is to protect companies from advanced cyber-attacks and to help their security teams operate with super-human efficiency. Our approach is simply different than what is available today, and we aim to create a world-class, enduring capability to help protect the information assets that enrich our world.

Our team is composed of customer-focused professionals with best-in-class industry experience. Our team of extremely talented and friendly people is looking for new members who are passionate, motivated, and most of all enjoy working closely with customers to ensure their success.

Responsibilities

    • Lead and deliver client Incident Response (IR) engagements
    • Conduct Digital Forensics and Incident Response (DFIR) analysis, network log and network PCAP analysis, malware triage, and other investigation-related activities in support of Incident Response investigations
    • Scope and contain incidents using Endpoint Detection and Response (EDR) tools and Awake's network appliances
    • Assist Awake's clients by advising on and helping to implement incident remediation plans
    • Collect, process, automate, and analyze network and endpoint forensic artifacts (Plaso, Timesketch, ELK, CyLR, Skadi, SIFT, etc.)
    • Develop code scripts and tools to automate the analysis of forensic artifacts and other response solutions
    • Evolve existing Awake Security Labs methodologies to enhance and improve our DFIR practice
    • Assist with client incident scoping calls and participate in the incident from kickoff through containment and remediation
    • Provide training, present to small groups, write blogs, and speak at conferences such as Black Hat and BSides
    • Write executive and technical reports for client engagements

Requirements

    • 3 or more years of DFIR experience as a consultant
    • An individual who understands the forensic artifacts themselves rather than just a tool
    • Proficient with host-based (Windows, Mac and/or Linux) forensic triage and analysis
    • Proficient with network-based hunting and analysis
    • Proficient at threat hunting
    • Ability to conduct dynamic malware analysis to gain a quick understanding of malware and understand the IOCs generated
    • Ability to code scripts in Python, Go, C#/.NET and/or PowerShell
    • Familiar with Splunk, ELK, and/or other SIEM tools
    • Knowledge of and the ability to use popular EDR technologies during DFIR engagements
    • Ability to prioritize and complete multiple tasks with little to no supervision
    • Ability to work independently or as part of a collaborative team effort
    • Ability to travel part-time for customer engagements

Other Desired Requirements

    • Excellent consulting and customer-facing skills
    • Ability to perform tabletop incident response exercises
    • Strong understanding of network security concepts
    • Cloud (AWS, Azure, GCP, and O365) DFIR experience
    • Advanced Python, Go, C#/.NET and/or PowerShell
    • Familiar with interacting and/or writing APIs
    • CREST Certified in incident response

Perks and Benefits

    • Competitive salary, quarterly bonus opportunities, and company equity
    • Talented and friendly teammates
    • Comprehensive medical, dental and vision coverage
    • Flexible work hours and unlimited vacation