Cyber Defense Forensics Lead

About The Position

Requirements

• Minimum of seven (7) years professional cybersecurity experience with strong expertise in incident response, insider threat investigations, forensics, and threat analysis.
• Minimum of five (5) years hands-on security operations experience, with experience in the last two years including:
• Host-based and network-based monitoring
• Insider threat detection tools
• Host-based forensic tools
• SIEM platforms
• Intrusion detection and analysis capabilities
• Endpoint threat detection tools
• Security operations ticketing tools
• Proven experience identifying and analyzing anomalous security activities.
• Demonstrated ability to create insider-threat dashboards, reports, and workflows.
• Strong experience capturing evidence, documenting results, and escalating issues when necessary.
• Experience mentoring and training junior team members.
• Strong understanding of confidentiality, integrity, and availability (CIA triad) principles and best practices.
• TS/SCI Clearance required

Nice To Haves

• CISSP - Certified Information Systems Security Professional
• GCFA - GIAC Certified Forensic Analyst
• GCFE - GIAC Certified Forensic Examiner
• GREM - GIAC Reverse Engineering Malware
• GNFA - GIAC Network Forensic Analyst

Responsibilities

• Lead cross-functional teams to perform in-depth analysis and investigation of high-priority cybersecurity incidents
• Utilize security tools to analyze, investigate, and triage security alerts
• Coordinate the monitoring of our customers environments, including cloud and SaaS solutions for evidence of adversarial activity
• Utilize advanced tools, such as digital forensics or malware analysis capabilities, to identify incidents’ root causes, scope, and impact
• Collaborate with cyber threat hunting and cyber threat intelligence teams
• Serve as the primary incident point of contact with law enforcement, third-party vendors, and other external parties
• Coordinating tasking from Federal leadership
• Conduct post-incident analysis and lessons learned to identify improvement opportunities
• Develop or tune detection rules or signatures to improve the effectiveness of security monitoring and collaborate with engineering teams to implement them
• Accurately document triage findings, and intake reports of external cybersecurity events from SOC customers via phone or email in the SOCs Incident Management System(IMS)
• Learn new open and closed-source investigative techniques
• Perform research on emerging threats and vulnerabilities to aid their prevention and mitigation
• Assist in developing and implementing initiatives that will enhance the SOC’s performance (e.g., SOPs, playbooks, capability deployments)
• Escalate SOC performance issues or risks to management
• Provide guidance and mentorship to Tier 1 and Tier 2 SOC Analysts to enhance their skills and capabilities

Benefits

• Health/Dental/Vision
• 401(k) match
• Paid Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• professional development reimbursement
• parental leave