Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
- Be an integral part of the Investigations and Cyber Response Team in responding to active and time-sensitive threats including communications and coordination across different teams.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
- Experience in security technologies such as: Security information and event management ( SIEM ), IDS/IPS, Data Loss Prevention (DLP), Web Application Firewall (WAF) , Endpoint detection and response (EDR), Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, Proxy and Anti-virus solutions.
- Strong understanding and experience in Cylance, Carbon black, and Crowd strike, endpoint security tools.
- Ability to perform threat intelligence activities using open source tools.
- Work to create, leverage automation, continuously develop, maintain a mature investigations and incident response program.
- Build and manage a digital forensic lab, including processes and procedures that would stand up in a legal setting.
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Develop comprehensive, accurate reports and presentations for both technical and executive audiences.
- Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company.
Job Requirements
- Bachelor s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
- Work Experience: Minimum 10 years functional experience including a minimum of 3+ years directly related to this role in incident response and digital forensics.
- Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, Wireshark, TCPDump, and open-source forensic tools.
- Deep understanding of internals and constructs of modern operating systems.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.) preferred, but not required.
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security are preferred, but not required.
- Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: the ability to think about creative threats and attack vectors.
- Strong communication (i.e., written and verbal), presentation, teamwork skills, and resourcefulness.
- Experience with digital forensics in cloud services a plus Strong written, spoken skills, analytical skills, problem-solving skills, and demonstrated ability to work in complex environments to analyze cyber incident investigations.
- Preferred Certifications: GCFA/ GREM/ GCFE / GNFA / EnCE / MCFE
- Must be an Egyptian Citizen.
