Incident Response Senior Advisor - Secureworks
Secureworks (NASDAQ: SCWX), a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of a cloud-native SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded and informed with this much real-world experience. www.secureworks.com
We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about what's next. We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
Role Responsibilities
The Incident Response Consultant is focused on working with customers on cyber threat hunting and cyber incident response efforts. Cyber threat hunting includes helping customers identify unknown compromise activity and gaps in their cybersecurity controls. Responding to cyber incidents includes helping customers manage the technical and non-technical aspects of incident response efforts, conducting investigative analysis using digital forensics methods to help customers identify and reconstruct the nature and scope of cyber incident activity, and developing tailored remediation plans.
* Serve as subject matter expert in incident response, cyber threat hunting, and digital forensic analysis efforts
* Perform complex incident response investigative analysis and develop conclusions based on the analysis of host, network, and cloud digital artifacts
* Document findings and develop tailored incident response remediation recommendations to present both orally and in written reports to customers
* Develop tailored incident response remediation plans for major cyber incidents to direct customer containment and recovery efforts
* Participate in a 24x7 on-call rotation for supporting requests from global incident response customers
* Travel as needed to assist customers with on-site incident response efforts
* Availability for periodic after-hours, weekends, and holiday work to support global incident response customers
Minimum Requirements
* Minimum of 5 years of cybersecurity experience in complex operating environments
* Minimum of 2 years of host forensics, network forensics, and cloud forensics experience for threat hunting and incident response efforts
* Minimum of 2 years of experience with one or more of the following tools: X-Ways, Magnet, F-Response, Volatility, Open Source Forensics Tools
* At least one of the following certifications: GCFE, GCFA, GCTI, GNFA, GREM, CCIM, or CySA+
Preferred Skills
* Undergraduate degree in computer science, information systems, information assurance, cybersecurity, or equivalent work experience
* Familiar with tactics, techniques, and procedures commonly employed by threat actors, and their means and motivations
* Understanding of vulnerabilities and techniques used by threat actors to discover, analyze, and exploit information system vulnerabilities
* Theoretical and practical knowledge in the following areas:
  * Unix, Linux, Windows, and macOS operating systems
  * AWS, Azure (including Microsoft 365), and GCP
  * Exploits, vulnerabilities, intrusion vectors, and malware
  * Network traffic analysis, endpoint activity analysis, log analysis, and malware analysis techniques
  * Enterprise cyber incident management and response processes
  * Enterprise cybersecurity controls and failure modes
* Applied knowledge in scripting and programming languages
* Cybersecurity frameworks relevant to cyber incident response and cyber threat hunting: MITRE ATT&CK, CIS Controls, NIST CSF, NIST 800-53
Location
Remote - US
Up to 15% travel
UNITED STATES:
Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.
Hopkinton, MA
Dell EMC develops, delivers, and supports information infrastructure and virtual infrastructure technologies, solutions, and services. It offers enterprise storage systems and software deployed in storage area network (SAN), network attached storage (NAS), unified storage combining NAS and SAN, object storage, and direct attached storage environments; a portfolio of backup products that support enterprise application workloads; and cloud software and infrastructure-as-a-service.
The company also offers security solutions that enable organizations to detect, investigate, and respond to advanced attacks; confirm and manage identities; and help reduce IP theft, fraud, and cybercrime. In addition, it provides enterprise software and cloud solutions, including the Documentum product line, which enables the digitization and flow of content through organizations in regulated industries; the InfoArchive product line, which helps customers take cost out of their current IT environments by archiving inactive information to decommission legacy applications; and Project Horizon, a curated app marketplace of content-related end-user productivity apps.
Further, the company provides Pivotal Big Data Suite, a data solution; Pivotal Cloud Foundry, a cloud platform-as-a-service; and Pivotal Labs agile development services. Additionally, it offers virtualization infrastructure solutions, which include a suite of products and services to deliver a software-defined data center, and support a range of operating system and application environments, as well as networking and storage infrastructures.
The company also provides installation, professional, software and hardware maintenance, and training services. It markets its products through various distribution channels, as well as directly, worldwide. The company was formerly known as EMC Corporation and changed its name to Dell EMC in September 2016. Dell EMC was founded in 1979 and is headquartered in Hopkinton, Massachusetts.