Incident Response Consultant (Associate)

Arete Advisors - New York, NY

Posted 18 days ago | Full-time | Estimated: $110,000 - $150,000 a year
Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? Arete Advisors seeks Incident Response Consultants with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their Incident Response, forensics, log analysis, and malware triage skills to solve complex intrusion cases at organizations around the world. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.

Responsibilities:
Conduct Incident Response investigations in organizations ranging from SMBs to Fortune 100 size enterprises
Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
Conduct SOC and CERT monitoring and analysis using: SIEM tools such as ArcSight and AlienVault; data analytic tools such as Splunk and ELK Stack; network modeling tools such as RedSeal and Skybox; malware tools such as Cylance and Sentinel One; APT network-based detection and mitigation tools such as Fidelis and FireEye; and network management tools such as SolarWinds.
Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
Build scripts, tools, or methodologies to enhance incident investigation processes.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
Work with network security and IT operations at clients to implement containment and eradication actions and remediation measures in response to incidents.
Assist with scoping prospective engagements, participate in investigations from kickoff through remediation, and mentor less experienced staff.

Requirements:
Bachelor’s degree in a technical field
Minimum 2-5 years of experience; minimum 6 years of experience if no degree
Must be eligible to work in the US without sponsorship

Technical expertise in at least three of the following areas:
SOC & CERT Operations Tier 1-3
Network Security Monitoring (NSM), network traffic analysis, and log analysis
Forensic imaging including chain of custody
Windows and Unix disk and memory forensics
Penetration Testing / Vulnerability Scanning
Static and dynamic malware analysis
Applied knowledge in at least one scripting or development language (such as Python)
Thorough understanding of enterprise security controls in Active Directory / Windows environments
Experience with hands-on penetration testing against Windows, Unix, or web application targets
Must pass drug screening and background check

Additional Qualifications:
Willingness to travel up to 50%
Ability to successfully interface with both internal and external clients
Ability to document and explain technical details in a concise, understandable manner
Ability to manage and balance own time among multiple tasks, and lead junior staff when required
Eligibility for a Top Secret Security Clearance is a plus
Ability to multitask in an extremely chaotic, fast-paced environment while providing SME-level technical and programmatic leadership and managing customer expectations