Threat Hunting Consultant - SkillBridge (Remote)

About The Position

Requirements

• An understanding of Windows and Linux forensic artifacts and analysis methodologies, including program execution, persistence, file system, event logging, process analysis, and anomaly detection.
• Strong threat analysis skills, including hypothesis-driven analysis, IOC searching, long-tail analysis, correlation, and pivoting on findings, and time-lining threat activity.
• An understanding of targeted attacks, including tradecraft associated with eCrime and nation-state adversaries, and an ability to use intelligence for targeted IOC searching.
• An ability to create search queries and write simple scripts in Python or another scripting language.
• A practical understanding of Windows and Linux operating systems, including file systems, registry, memory management, kernel and user-mode functions, identity, and process handling.
• A practical understanding of network protocols and how data is handled at the various layers of the OSI model.
• A familiarity with fundamental identity concepts, including Active Directory and associated protocols like Kerberos.
• strong ability to communicate analysis findings to clients, including technical and executive audiences, and legal counsel.

Nice To Haves

• Incident response experience, especially with large-scale investigations involving e-Crime and nation-state actors.
• familiarity with one or more of the following cloud platforms: AWS, Azure, and GCP.
• strong understanding of targeted attacks and an ability to create customized tactical and strategic remediation plans for compromised organizations.
• BA or BS / MA or MS degree in Computer Science, Computer Engineering, Math, Information Security, Information Assurance, Information Security Management, Intelligence Studies, Cybersecurity, Cybersecurity Policy, or a related field. Applicants without a degree but with relevant work experience and/or training will be considered.

Responsibilities

• Analyze logs and system artifacts looking for evidence of adversary activity in enterprise environments.
• Produce high-quality written and verbal reports, presentations, recommendations, and findings to key stakeholders, including technical audiences, management, and legal Counsel.
• Contribute to developing and maturing threat hunting capabilities, including research, methodology, and scripting.