Description
Senior Incident Responder - We are looking to hire an entrepreneurial and well-rounded cyber incident handler to join our growing team. This Company is focused on providing a high level of value and customer service to insureds as well as legal and insurance partners. Key to this is hiring the right people and empowering them. We have developed proprietary software to enable faster and more accurate investigations of business email compromises as well as ransomware attacks. This company offers a friendly and entrepreneurial start-up culture, with a focus on accelerating the professional and technical development of our team.
The ideal candidate will have extensive hands-on experience delivering cyber incident response engagements, preferably in a legal and insurance focused environment. This individual will be expected to independently handle ransomware and business email compromise incidents. This role is expected to be remote with no plans to move to a forced location requirement. Sponsorship is not available.
Responsibilities include:
- Independently handle ransomware and business email compromise (BEC) incidents
- Collect source data in response to incidents and conduct detailed analysis of threat actor behaviour
- Prepare reports on findings and communicate to clients and their advisors in follow-up briefings
- Deliver a high level of customer service to law firms, insurers, and their clients
- Contribute new ideas for improvements to services and our proprietary software
- For ransomware incidents, work with partners to engage with attackers to resolve cyber extortion incidents
Required experience and qualifications:
- 3+ years of professional experience in cyber investigations, incident response, digital forensics or related (5+ for senior)
- Experience investigating ransomware and business email compromise incidents
- Ability to manage multiple projects and the potentially competing demands between them
- Consultancy / professional services experience
- Extensive experience of working with digital forensics tools
- Strong verbal and written level of English and German
- Experience presenting report findings and recommendations
- Knowledge of current data collection, storage, and chain of custody best practices
- Preferred experience and qualifications:
- Experience of working with (or for) law firms
- Experience with Python scripting and coding
- Experience with PowerShell
- Experience with an EDR Solution (e.g., SentinelOne, Cylance, Carbon Black, etc.)
- Experience with log analysis tools or platforms (e.g., Splunk, Elastic Stack, etc.)
- Experience with Azure cloud VMs and Storage
- Experience with malware sandboxing (preferable knowing how to set up a Cuckoo or CAPEv2 sandbox)
- Experience of recovering / decrypting client data as part of ransomware response
- Experience with Unix / Linux, Mac and an understanding of Active Directory, firewalls, and network layers and protocols
- Another European language is preferred.
Applicable certifications (preferred not required):
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- Encase Certified Examiner (ENCE)
- CREST Certified Incident Manager (CCIM)
- CREST Practitioner Intrusion Analyst
- CREST Registered Intrusion Analyst
- CREST Certified Network Intrusion Analyst
- CREST Certified Host Intrusion Analyst
- CREST Certified Malware Reverse Engineer
- CHFI Computer Hacking Forensic Investigator