DFIR Consultant, US, Remote, $160k
A leading cyber technology and services firm, known for delivering top-tier consulting and incident response services to organizations worldwide, is seeking a Junior Incident Responder. We work with top organizations, including Fortune 100 companies, to strengthen their cyber resilience and address cyber threats. We are a trusted partner to IT and security teams, senior management, and boards globally.
Our team consists of exceptional talents from elite military technology units and the cyber industry. We leverage technological expertise, digital combat experience, data analytics, and a business-oriented approach to empower organizations in the face of cyber threats.
Job Overview
As cyber threats become increasingly complex and frequent, the role of a Junior Incident Responder is critical. You will assist in efforts to detect, analyze, and respond to cyber threats, helping to protect our clients' operations and reputation. You will conduct forensic analysis, investigate cyber incidents, and work closely with client IT and security teams, often on-site.
Main Responsibilities
- Assist in forensic and incident response investigations, including analyzing smaller-scale and sophisticated attacks.
- Perform log analysis, host and network-based forensics, and basic malware analysis.
- Participate in proactive threat hunting to identify targeted attacks and emerging threats within client networks.
- Help identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to assess breaches.
- Contribute to the development and improvement of tools and methodologies for investigations and threat hunting.
- Collaborate with client IT and security teams during investigations.
- Assist in generating and presenting detailed reports on investigation findings.
Requirements
- 1-2 years of relevant experience in the cyber security industry.
- Bright, curious, and determined team player striving for excellence.
- Strong problem-solving skills and a deep thinker with a growth mindset.
- Basic understanding of the lifecycle of advanced security threats, attack vectors, and exploitation methods.
- Technical knowledge of network fundamentals and common internet protocols.
- Understanding of system and security controls on at least two OSs (Windows, Linux/Unix, macOS), including host-based forensics and analyzing OS artifacts.
- Familiarity with one or more scripting languages (e.g., Python).
- Multidisciplinary knowledge and competencies, including:
  - Hands-on experience in data analysis, preferably network traffic or log analysis, using platforms such as Jupyter, Splunk, pandas, or SQL.
  - Basic understanding of cloud infrastructure, web applications, servers, and mobile platforms (Android and iOS).
  - Some experience with malware analysis and reverse engineering.
  - Familiarity with enterprise SIEM platforms (e.g., Splunk, QRadar, ArcSight).
- Excellent communication and interpersonal skills. Fluent in English, with the ability to document and explain technical information clearly and concisely.