Cyber Incident Handler - Principal (BHJOB22048_763)
Company: ITmPowered
Location: Denver
Posted on: November 1, 2024
Job Description:
Cyber Security Incident Handler (Principal) - Remote -
KAISJP00211866
The Incident Handler uses incident response, investigative, and
forensics skills to determine the extent of a breach, the
containment measures required, and the overall response needed.
This includes appropriate data collection, preservation,
mitigation, remediation requirements, and security improvement
plans. The Incident Handler will utilize forensic best practices
and provide chain of custody service for criminal investigations
(e.g., employee situations, fraud, etc.). The Incident Handler may
work on different teams, depending upon the type of incident or
pre-incident activity and the nature of the threat.
Essential Functions
- Evaluates processes, services, drivers, libraries, binaries,
scripts, memory, network traffic, file, email, and other artifacts
for anomalies, security exploitation, and/or unauthorized
access.
- Identifies attack vectors, social engineering attempts,
exploits, malicious code, C2 activity, and persistence
mechanism.
- Identify containment controls to halt attacks in progress
against affected or exposed resources.
- Identify mitigation controls to prevent attacks to vulnerable
or exposed resources.
- Performs analysis to determine scope, risk, and impact of
breach or exposure.
- Performs root cause analysis, develops remediation plans, and
works with SMEs to ensure proper execution of corrective action
plans.
- Works with SMEs to determine mitigation strategies, and
coordinates with affected business unit(s) to implement mitigating
security controls.
- Collects and preserves digital evidence in a forensically sound
manner according to best practices.
- Properly and thoroughly document incident findings, evidence,
analysis steps, and create after action reports and
recommendations.
- Engages appropriate levels of management to affect improvements
to the security posture of organization.
- Provide input to security infrastructure design based on
incident response experience.
- Provide routine updates to Security Policies and
Procedures.
- Focus on preserving uptime of the production environment and
minimize the impact on medical services.
DESIRED SKILLS:
- Broad knowledge of digital processing platforms, hardware,
operating systems, applications and the ability to identify and
troubleshoot failures in any of these areas.
- Expert knowledge of Windows-based operating systems.
- Working knowledge of Linux/UNIX-based operating
systems.
- Familiarity with Android and IOS platforms.
- Possesses binary and scripted malware behavioral analysis
skills.
- Possesses binary and scripted malware static analysis and
reverse engineering skills and experience with binary disassembly
and script analysis platforms.
- Ability to troubleshoot through technical issues to properly
triage reported events and incidents.
- Ability to perform deep-dive analysis to determine root cause
and full impact of incidents.
- Knowledge and experience in security controls including EDR,
forensics tools, anti-virus, intrusion prevention, authentication
mechanisms, data collection and analysis tools, and Splunk
SIEM.
- Excellent communication and documentation skills.
- Ability to produce reports for Sr. Management that properly
articulate risk, exposure, corrective action plans.
- Ability to speak publicly and lead diverse teams of SMEs &
Operations Management through security incidents.
- Ability to respond quickly and accurately to any level of
security incident.
- Avoid unnecessary production impact caused by investigation
activities, if avoidable.
- Properly manage elevated access within the
environment.
- Ability to work in a team of professionals sharing workload and
investigation assignments in a fast-paced and high-risk
environment.
PREFERRED QUALIFICATIONS AND CERTIFICATIONS:
- Masters degree in a related technical field and a minimum of
10+ years of equivalent work experience.
- 7+ years hands on experience with Enterprise forensic software
and investigations.
- 10+ years of experience in Cyber Security with a focus on
Incident Response or Forensics.
- EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, and/or
similar certifications.
QUALIFICATIONS: (A candidate should meet at least 13 of the below
qualifications):
- Master's degree in a related field and/or a minimum of 10+
years of equivalent work experience.
- A minimum of 15+ years of experience in Information Technology
(IT).
- EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, and/or
similar certifications.
- A thorough understanding of at least three desktop and server
operating systems (Windows, Linux, Unix, OS X, Android, IOS) and
related forensic artifacts.
- Expert shell scripting skills in three or more
languages.
- A thorough understanding of attacker/malware methodologies and
common malicious changes.
- Experience with multiple forensics platforms, such as EnCase,
FTK, Nuix, X-Ways, etc.
- Possesses binary and scripted malware behavioral analysis
skills.
- Possesses binary and scripted malware static analysis and
reverse engineering skills and experience with binary disassembly
and script analysis platforms.
- Possesses a thorough understanding of networking and the
ability to decode and analyze network packet captures using
relevant toolsets.
- Possesses expert knowledge of security controls technologies at
all layers (IAM, Network, Endpoint, SIEM/Log).
- Possesses strong communication and writing skills and the
ability to present investigative content and findings verbally and
in reports to technical and non-technical audiences, including
senior leadership, legal, compliance, business, and other
teams.
- Possesses the ability to develop, refine, and educate team
members on new investigative targets, data sources, tools,
methodologies, and processes.
- Strong mentoring and leadership skills.
- Strong project management and overall incident management
skills.
LOGISTICS:
- Work remotely anywhere in Domestic US. Preferred locations
Colorado or Georgia.
- COVID-19 Vaccine and Booster Required - OR must provide valid
medical exemption from doctor in advance.
- Must be able to successfully pass a 12-panel drug screen,
10-year background check, employment verification.
- You will need to be a current US Citizen or valid Green Card
holder. No need for visa now or in future. This role is not able to
offer visa transfer or sponsorship now or in the future.
- W2 only - No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone / email)
to be considered.
#J-18808-Ljbffr
Keywords: ITmPowered, Arvada , Cyber Incident Handler - Principal (BHJOB22048_763), Professions , Denver, Colorado
Didn't find what you're looking for? Search again!
Loading more jobs...