Senior Advisor, Cybersecurity Consulting

Round Rock, Texas | IT
Job ID: 101727
Listed on 10/27/2020

KellyMitchell matches the best IT and business talent with premier organizations nationwide. Our clients, ranging from Fortune 500 corporations to rapidly growing high-tech companies, are exceptionally served by our 1500+ IT and business consultants. Our industry is growing rapidly, and now is a great time to launch your career with the KellyMitchell team.

Job Summary

The ideal candidate will be a member of the Cybersecurity Incident and Response Team (CSIRT) organization, with responsibility for helping to design, build, and deliver major components of the threat hunting strategy. The role is part of a cross-functional team with deep knowledge of security processes and procedures and of process analytics, used to pursue and prove or disprove hypotheses related to malicious activity.

Duties

  • During major incidents, the candidate will be involved in the IR process to help with incident investigation, performing forensics activities and utilizing structured methodologies to respond to threats
  • Use a holistic approach to analyze threats based on internal threat intelligence reports and/or open-source articles and reports related to new security threats
  • Derive actionable indicators: IOCs and TTPs
  • Define threat hunting hypotheses based on derived indicators
  • Define threat hunting content for detection and/or monitoring solutions (EDR: RSA ECAT, CarbonBlack; SIEM: Splunk)
  • Define testing scenarios for hunting and/or detection content before pushing it into pre-production: simulate true positives (TPs) and normal activities (for false positive (FP) whitelisting purposes)
  • Retro-hunt based on the indicators related to a threat actor
  • Maintain and develop the existing custom threat hunting automation system, and propose and develop any automation mechanism that can increase process efficiency:
    • Use a scripting language (e.g. PowerShell, Python) to automate hunting mechanisms for threats
    • Develop new components that can be integrated with existing custom and/or COTS solutions used within CSIRT
    • Monitor the results of the automated hunts and develop hunting reports
  • Create and/or work incidents and/or investigations for suspicious findings and/or true positives found during hunting activities:
    • True positives, being hunting results for a specific threat, will be analyzed/worked by the threat hunting analyst, and results will be disseminated to the relevant and/or other involved teams within CSIRT
  • Create reports based on the findings of threat hunting activities:
    • Executive reports to be included in periodic threat team reporting, and/or
    • Technical reports to be included in the related incident/investigation IR reporting
  • Analyze the hits and statistics of detection-only threat hunting content, create accuracy and efficiency reports, and propose new content to be transitioned into alerts for IR teams, using Agile methodology for the entire process
  • During incident investigations, the analyst will actively participate in the incident response process, executing forensic investigation activities:
    • Analyze computer data, network traffic, e-mail activity, integrity and logs
    • Work with forensic tools to image hard drives, uncover files and present them in a format suitable for legal purposes
    • Properly document legal hold and other e-discovery activities
  • During incident investigations, the analyst will act as an escalation point for the IR team, helping to analyze the collected data and evidence and enriching the reports with hunting results based on related IOCs and TTPs
  • As part of the edge defense team, the analyst will handle the alerts and escalations related to, but not limited to, the Akamai Web Application Firewall (WAF) & Bot Management and Arbor anti-DDoS solutions:
    • Respond to escalations from other business teams (Sales, Website Support, Development, etc.)
    • Create, update and maintain application-specific content (custom rules and alerts)

Desired Skills/ Experience

  • 3+ years' experience
  • Bachelor's degree in Information Systems or a related field, or relevant experience
  • Knowledge and understanding of Tactics, Techniques and Procedures (TTPs) used as a means of profiling a given threat actor
  • Problem-solving skills with the ability to assess and derive threat hunting hypotheses
  • Knowledge of networking, infrastructure and application security fundamentals, concepts and frameworks