Cyber Security Incident Handler (Principal) - Remote - KAISJP00211866 The Incident Handler uses incident response, investigative, and forensics skills to determine the extent of a breach, the containment measures required, and the overall response needed. This includes appropriate data collection, preservation, mitigation, remediation requirements, and security improvement plans. The Incident Handler will utilize forensic best practices and provide chain of custody service for criminal investigations (e.g., employee situations, fraud, etc.). The Incident Handler may work on different teams, depending upon the type of incident or pre-incident activity and the nature of the threat. Essential Functions
- Evaluates processes, services, drivers, libraries, binaries, scripts, memory, network traffic, file, email, and other artifacts for anomalies, security exploitation, and/or unauthorized access.
- Identifies attack vectors, social engineering attempts, exploits, malicious code, C2 activity, and persistence mechanism.
- Identify containment controls to halt attacks in progress against affected or exposed resources.
- Identify mitigation controls to prevent attacks to vulnerable or exposed resources.
- Performs analysis to determine scope, risk, and impact of breach or exposure.
- Performs root cause analysis, develops remediation plans, and works with SMEs to ensure proper execution of corrective action plans.
- Works with SMEs to determine mitigation strategies, and coordinates with affected business unit(s) to implement mitigating security controls.
- Collects and preserves digital evidence in a forensically sound manner according to best practices.
- Properly and thoroughly document incident findings, evidence, analysis steps, and create after action reports and recommendations.
- Engages appropriate levels of management to affect improvements to the security posture of organization.
- Provide input to security infrastructure design based on incident response experience.
- Provide routine updates to Security Policies and Procedures
- Focus on preserving uptime of the production environment and minimize the impact on medical services.
DESIRED SKILLS:
- Broad knowledge of digital processing platforms, hardware, operating systems, applications and the ability to identify and troubleshoot failures in any of these areas.
- Expert knowledge of Windows-based operating systems
- Working knowledge of Linux/UNIX-based operating systems
- Familiarity with Android and IOS platforms
- Possesses binary and scripted malware behavioral analysis skills.
- Possesses binary and scripted malware static analysis and reverse engineering skills and experience with binary disassembly and script analysis platforms.
- Ability to troubleshoot through technical issues to properly triage reported events and incidents.
- Ability to perform deep-dive analysis to determine root cause and full impact of incidents.
- Knowledge and experience in security controls including EDR, forensics tools, anti-virus, intrusion prevention, authentication mechanisms, data collection and analysis tools, and Splunk SIEM
- Excellent communication and documentation skills
- Ability to produce reports for Sr. Management that properly articulate risk, exposure, corrective action plans.
- Ability to speak publicly and lead diverse teams of SMEs & Operations Management through security incident.
- Ability to respond quickly and accurately to any level of security incident.
- Avoid unnecessary production impact caused by investigation activities, if avoidable
- Properly manage elevated access within the environment
- Ability to work in a team of professionals sharing workload and investigation assignments in a fast-paced and high-risk environment.
PREFERRED QUALIFICATIONS AND CERTIFICATIONS:
- Masters degree in a related technical field and a minimum of 10+ years of equivalent work experience
- 7+ years hands on experience with Enterprise forensic software and investigations.
- 10+ years of experience in Cyber Security with a focus on Incident Response or Forensics
- EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, and/or similar certifications
QUALIFICATIONS: (A candidate should meet at least 13 of the below qualifications):
- Master's degree in a related field and/or a minimum of 10+ years of equivalent work experience
- A minimum of 15+ years of experience in Information Technology (IT)
- EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, CISA, CISM, and/or similar certifications
- A thorough understanding of at least three desktop and server operating systems (Windows, Linux, Unix, OS X, Android, IOS) and related forensic artifacts.
- Expert shell scripting skills in three or more languages
- A thorough understanding of attacker/malware methodologies and common malicious changes
- Experience with multiple forensics platforms, such as EnCase, FTK, Nuix, X-Ways, etc.
- Possesses binary and scripted malware behavioral analysis skills.
- Possesses binary and scripted malware static analysis and reverse engineering skills and experience with binary disassembly and script analysis platforms.
- Possesses a thorough understanding of networking and the ability to decode and analyze network packet captures using relevant toolsets.
- Possesses expert knowledge of security controls technologies at all layers (IAM, Network, Endpoint, SIEM/Log)
- Possesses strong communication and writing skills and the ability to present investigative content and findings verbally and in reports to technical and non-technical audiences, including senior leadership, legal, compliance, business, and other teams.
- Possesses the ability to develop, refine, and educate team members on new investigative targets, data sources, tools, methodologies, and processes.
- Strong mentoring and leadership skills
- Strong project management and overall incident management skills
LOGISTICS:
- Contract role through end of the year with potential for extension and/or conversion to perm.
- Work remotely anywhere in Domestic US. Preferred locations Colorado or Georgia.
- COVID-19 Vaccine and Booster Required - OR must provide valid medical exemption from doctor in advance.
- Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
- You will need to be a current US Citizen or valid Green Card holder. No need for visa now or in future. This role is not able to offer visa transfer or sponsorship now or in the future.
- W2 only - No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone / email) to be considered.