The Incident Response Specialist is part of the Kaspersky Global Emergency Response Team, which responds to incidents and investigates cyber threats worldwide.

Responsibilities:
- Deliver computer incident response and digital forensic projects for enterprise customers, onsite and remotely
- Perform system and network forensic analysis of suspected or potential security incidents
- Report findings in technical reports

Main requirements:
- 3+ years of experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple operating systems: Windows, Mac and Linux
- Tool agnostic, with an emphasis on knowing the forensic artifacts themselves rather than relying on tool output
- Understanding of offensive security, including common attack methods
- Understanding of the tactics, techniques and procedures associated with malicious actors and various threats, including insider threat detection
- Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event
- Knowledge of, and the ability to use, popular EDR technologies during DFIR engagements
- Knowledge of threat hunting and of the artifacts that need to be reviewed during threat hunting
- Ability to triage and analyze malware dynamically within a virtual environment to quickly obtain a set of IOCs during an IR engagement
- Knowledge of System Administrator roles and responsibilities, with an understanding of Windows Domain environments
- Experience identifying host anomalies via Windows Event logs, Sysinternals Sysmon, Process Explorer / Process Monitor, Autoruns, etc.
- Knowledge of performing DFIR investigations in cloud environments (Azure, O365, AWS and Google)
- Knowledge of malware analysis concepts and methods
- Knowledge of models and frameworks such as the Kill Chain and MITRE ATT&CK
- Knowledge of resources such as VirusTotal and their use for identifying contributing information for an event
- Proficient in Python, PowerShell or another programming language
- Ability to perform root cause analysis
- Experience reverse engineering various types of malicious files (x86 / x64 executables for MS Windows, Linux and macOS, as well as PDF, DOC and other formats)

Nice to have:
- SANS or other security certifications, such as GIAC, GSEC, GCIA, GCIH, GREM, GPEN or OSCP
- Experience with a variety of SIEMs, such as RSA Security Analytics, Splunk and ArcSight, as well as firewalls, Intrusion Detection / Prevention Systems (Snort, Bro, Sourcefire), proxies and WAFs
- Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
- Reverse engineering tools (IDA Pro, debuggers, etc.)
- Knowledge of C, C++, C#, Java, ASM, PHP, Perl
- eDiscovery tools (NUIX, Relativity, Clearwell, etc.)

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Specialist • Kuala Lumpur, Malaysia