CSIRT Analyst

Computer Task Group, Inc., Buffalo, NY

About The Position

This role is for a passionate Cyber Security professional with a focus on advanced Managed Detection & Response (MDR). The ideal candidate will have a natural inclination towards Incident Response, Digital Forensics, Threat Hunting, and Threat Intelligence. This position is crucial for strengthening the blue team and assisting organizations under attack.

Requirements

  • At least 3-5 years of experience in a similar position.
  • Significant hands-on experience in disk, memory, and log acquisition in a forensically sound manner.
  • Proficiency in parsing and deep forensic analysis of extracted artifacts.
  • Professional post-incident report writing skills.
  • A bachelor's or master's degree, or equivalent experience.
  • A hands-on and proactive mindset with a 'can do' mentality.
  • Experience and/or interest in working with MDR tools such as EDR (CrowdStrike Falcon, MS Defender for Endpoint, SentinelOne, ...), NDR (Vectra, Darktrace, ...), XDR (CrowdStrike Identity Protection, MS Defender for Office/Cloud Apps/Identity/...).
  • Knowledge of Security Monitoring with SIEM technologies.
  • A passion for Security Monitoring, Digital Forensics, Incident Response, Threat Intelligence, and Threat Hunting.

Responsibilities

  • Handle security alerts/incidents escalated by SOC Analysts (Tier 2).
  • Manage security alerts and incidents collaboratively with the team.
  • Conduct DFIR assignments, including DFIR readiness assessments.
  • Participate in weekly Threat Hunting duties to proactively identify threats using novel Tools, Techniques & Procedures (TTPs).
  • Perform compromise assessments to identify potential compromises and their scope.
  • Collect Threat Intelligence (IOCs and TTPs).
  • Contribute to Detection Engineering in SIEM and xDR platforms.
  • Engage in Purple Teaming exercises with the Red Team to test and enhance defenses.
  • Contribute to the creation of playbooks in SOAR.
  • Co-author processes and procedures related to DFIR, Threat Intelligence, and Threat Hunting.
  • Participate in the Incident Response on-call service.