About The Position

MOXFIVE is seeking experienced incident responders for their contract bench to handle investigative work at a pace that matches their lifestyle. The role is designed for individuals who miss the investigative aspect of DFIR but want to avoid demanding on-call schedules and missed holidays. The position involves investigating threats across a client's entire digital footprint, including endpoints, cloud environments (Azure, GCP, AWS), and SaaS applications, with a focus on account takeovers and modern threat activity. This opportunity allows for deep technical engagement and case solving at an intensity compatible with a day job and personal life.

Requirements

  • Experience responding to threat activity as an IR consultant or SOC analyst.
  • Strong understanding of Windows/Mac/Linux fundamentals.
  • Strong understanding of forensic artifacts.
  • Strong understanding of BEC analysis.
  • Strong understanding of network analysis.
  • Existing knowledge or passion to learn cloud-native investigations across AWS, GCP, and Azure.
  • An unwavering emphasis on investigation at the highest level of quality.
  • Availability of at least a few free hours a week to take on IR work.
  • Employer's permission to engage in IR work (day-job friendly).

Nice To Haves

  • Experience as a "retired" incident responder seeking flexible work.
  • Familiarity with UTC timestamps.
  • Proficiency with forensic scripts and a "Tools" folder of favorite scripts.
  • Keen sense for distinguishing legitimate users from threat actors.
  • Experience with account takeovers as a modern threat.
  • Addicted to threat intel.
  • Insatiably curious.
  • Investigator at heart.

Responsibilities

  • Conduct investigative work on live response data.
  • Perform forensic analysis across Windows, Mac, and Linux environments.
  • Investigate cloud-native incidents across AWS, GCP, and Azure.
  • Analyze Business Email Compromise (BEC) and network activity.
  • Identify and differentiate between legitimate user and threat actor activity.
  • Support breach investigations ranging from ransomware to nation-state threats.
  • Contribute to shaping the incident response practice.

Benefits

  • Flexible schedule that matches your lifestyle.
  • Opportunity to pick up live response work and analysis.
  • Support for breach investigations.
  • Day-job friendly engagement.