Dfir Expert

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter - and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.

**CyberProof **is part of the UST Global family. Some of the world's largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.

**About this Role**
- Supervise the DFIR service provided to customers from end to end.
- Develop the integrations and response workflows to align with the company’s goals.

**Expectations from this role**:

- Define and drive the incident readiness of customers’ environments to reduce the risk of future incidents.
- Availability to work 24/7 to solve escalated incidents and be the highest escalation point for all Operations teams.
- Orchestrate SOC collaborations with the company’s holistic approach to assist with the quick identification of an attack, minimize its effects, contain damage, and remediate the threat.
- Dictate the best practice for response workflows and procedures to achieve quick resolution for escalated cyber incidents.
- Increase the customer’s security posture level in a post-incident environment.

**Typical performance measures**:

- Increase productivity and efficiency of the service by focusing on automating response activities.
- Initiate and push for collaboration between SOC teams to drive proactivity in all aspects of the Operations work.
- Engage with sales teams to drive potential customers to purchase the service and increase CyberProof’s margin goals.

**Performance Areas**:

- Supervise the team activities to lead to high-performance service delivery during an incident crisis, considering the team member’s skills, capacity, team tasks, and incident urgency.
- Innovate new processes and workflows to address complex threats and risks.

****

**Requirements**:
**Skills**:

- Proven experience of 5+ years in Incident Response or Threat Hunting, including high skills in forensics and investigation of a network, endpoint, and cloud logs.
- Ability to manage critical employees under pressure.
- Ability to manage incidents and collaborate with several team activities in parallel streams to handle incidents holistically.
- Proven experience in dynamic and static malware analysis and the ability to extract malicious behavior indicators.
- Deep and proven knowledge and understanding of attacks and compromise footprints.
- Deep and proven knowledge of baseline operating system internals, network communications, and user behavior.
- Critical thinking, problem-solving skills, and innovative way of thinking.
- Action-oriented and have a proactive approach to solving issues.
- Good time management skills; and written and oral communications skills.
- Excellent organization and attention to detail.

**Knowledge**:

- Must have a deep understanding of computer intrusion activities, incident response techniques, tools, and procedures
- Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking (including TCP/IP, DNS, HTTP, SMTP)
- Knowledge of operating systems essentials including Linux/Unix and Windows
- Excellent knowledge of Threat intelligence
- Familiar with Ethical hacking
- Experience with programming languages such as Python and PowerShell

**Certifications which may be valuable**:

- GIAC Certified Incident Handler (GCIH)
- Certified Information Systems Security Professional (CISSP)
- CERT-Certified Computer Security Incident Handler (CERT-CSIH)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Reverse Engineering Analyst (CREA)