The Brunswick group
Cybersecurity Incident Response – Senior Associate New York City, NY
Our client, a Fortune 500 company, is looking for a Cyber Incident Response Senior Associate who will work as part of a team of problem solvers with extensive consulting and industry experience, helping clients solve their complex business issues from strategy to execution.

Duties and Responsibilities:
- Proactively assist in the management of several clients, while reporting to Managers and above
- Train and lead staff
- Establish effective working relationships directly with clients
- Contribute to the development of your own and team’s technical acumen
- Keep up to date with local and national business and economic issues
- Be actively involved in business development activities to help identify and research opportunities on new/existing clients

Essential Skills and Requirements:
- Minimum Degree Required: Bachelor Degree
- Required Fields of Study: Computer and Information Science, Computer Applications, Management Information Systems, Computer Engineering, Forensic Science
- Minimum Years of Experience: 3 year(s)
- Degree Preferred: Master Degree
- Certification(s) Preferred: GIAC certifications including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA.
- Demonstrates thorough abilities and/or a proven record of success in the following areas:
  - Apply incident handling processes, including preparation, identification, containment, eradication, and recovery, to protect enterprise environments;
  - Analyze the structure of common attack techniques in order to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity;
  - Utilize tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each;
  - Use memory dumps and memory analysis tools to determine an attacker’s activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network;
  - Acquire infected machines and then detect the artifacts and impact of exploitation through process, file, memory, and log analysis;
  - Analyze a security architecture for deficiencies;
  - Recognize and understand common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures;
  - Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;
  - Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016;
  - Conduct in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian;
  - Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;
  - Hunt and respond to advanced adversaries such as nation-state actors, organized crime, and hacktivists;
  - Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis or definitive data loss determinations;
  - Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation;
  - Detect and hunt unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment;
  - Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections;
  - Target advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker’s presence;
  - Use memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more;
  - Track user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and
  - Identify lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.
- Demonstrates thorough abilities and/or a proven record of success in the following areas:
  - Network Analysis, Memory Analysis, Endpoint Analysis, Cyber Incident Lifecycle, NIST 800-61;
  - Programming languages such as Python, Perl, C/C++, C#, PowerShell, BASH, and Batch;
  - Demonstrable experience with at least two of the following tools: X-Ways, Rekall, Volatility, EnCase, Remnux, IDA, Capture.Bat, RegShot, Radare, OllyDbg, Wireshark, Network Miner, NFdump, GREP, Tanium, CarbonBlack, CylancePROTECT, and PLASO/Log2Timeline.