Advisory

Cyber Incident Response Manager

Permanent

The Brunswick group

Cyber Incident Response Manager Dallas, TX

The Challenge:

Our client, a Fortune 500 company is looking for a Cyber Incident Response Manager responsible for working as part of a team of problem solvers with extensive consulting and industry experience, helping our clients solve their complex business issues from strategy to execution.

Duties & Responsibilities:

  • Proactively assist in the management of a portfolio of clients, while reporting to Senior Managers and above
  • Be involved in the financial management of clients
  • Be actively involved in business development activities to help identify and research opportunities on new/existing clients
  • Contribute to the development of your own and team’s technical acumen
  • Develop strategies to solve complex technical challenges
  • Assist in the management and delivering of large projects
  • Train, coach, and supervise staff
  • Keep up to date with local and national business and economic issues
  • Continue to develop internal relationships

Essential Skills & Requirements:

  • Minimum Degree Required: Bachelor Degree
  • Degree Preferred: Master Degree
  • Required Fields of Study: Computer and Information Science, Computer Applications, Management Information Systems, Computer Engineering, Forensic Science
  • Certification(s) Preferred: Any of the following: GIAC including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA.
  • Minimum Years of Experience: 6 year(s) 
  • Demonstrates extensive knowledge and/or a proven record of success in the following areas:
  • Apply incident handling processes-including preparation, identification, containment, eradication, and recovery-to protect enterprise environments;
  • Analyze the structure of common attack techniques to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity;
  • Utilize tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each;
  • Use memory dumps and memory analysis tools to determine an attacker’s activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network;
  • Acquire infected machines and then detect the artifacts and impact of exploitation through process, file, memory, and log analysis;
  • Recognize and understand common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures;
  • Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;
  • Conduct forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016;
  • Conduct forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian; – Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;
  • Hunt and respond to advanced adversaries such as nation-state actors, organized crime, and hacktivists;
  • Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis, or definitive data loss determinations;
  • Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation; – Detect and hunt unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment;
  • Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections;
  • Target advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker’s presence;
  • Use memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more;
  • Track user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and,
  • Identify lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.

    Demonstrates extensive abilities and/or a proven record of success in the following areas: – Network Analysis

Tagged as: Cyber Incident Response Manager