Senior Cyber Security Consultant
OnX Canada
Ontario, Canada
$80K-$90K / year (estimated)
Full-time
Must have a Security Clearance - Secret preferred
In this role, you will:
- Take a lead role in client investigation and response engagements, influencing the response strategy with stakeholders from technical to senior management
- Report and present detailed results and recommendations to both technical and non-technical stakeholders
- Work in partnership with the client Cybersecurity sales teams, demonstrating the capacity and ability of the forensics business to potential clients
- Collect and investigate data from a wide range of systems and software to understand the attacker activity and produce a containment strategy
- Engage in skills transfer both internally and, when required, with customers
- Work to respond in real time to advanced attackers in complicated and fluid environments
- Work with an enthusiastic and expert team to contribute to keeping the methodology at the cutting edge
- Collaborate with the other cyber security teams to add value to the company suite of service offerings
Ideally, you will have:
- Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple operating systems: Windows, Mac and Linux
- Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
- Knowledge of and the ability to use popular EDR technologies during DFIR engagements
- Experience analyzing a myriad of system and network logs using Splunk and/or ELK
- Experience responding to APT-style targeted attacks, with a good understanding of operational security concepts during live breaches
- Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
- Ability to analyze PCAP data
- Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
- Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
- Experience performing memory analysis as part of an incident response engagement
- Ability to be client facing by interacting with our clients and their executive leadership
- Creative, problem-solving self-starter with an analytic and qualitative eye for reasoning
- Ability to work with a remote team via collaboration tools
- Strong documentation skills, ability to write executive and technical DFIR reports
Useful but not essential:
- DFIR experience, including incident management
- Proficient in either Python or PowerShell
- Experience with analysis of VBS and other WSH languages as well as web languages such as PHP and JS
- Incident response certifications such as those offered by SANS / CREST / GIAC
- Experience creating dashboards, writing Logstash filters, and Lucene queries
- Knowledge of performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
- Any languages in addition to English
19 days ago