Cyber Operations - Incident Response
• Strong knowledge of cloud security principles and experience with cloud platforms like AWS, Azure, or Google Cloud
• Proficiency in network security principles, protocols, and technologies (firewalls, IDS/IPS, VPNs, etc.)
• Proficiency in endpoint security principles and technologies (Antivirus/Anti-malware software, Host-based Intrusion Detection Systems, EDR, etc.)
• Understanding of operating systems (Windows, Linux, Unix) and their security mechanisms
• Experience using a SIEM for log aggregation, correlation, and analysis
• Experience with incident response, and incident response tools, frameworks, and life cycle
• Experience with query languages •Familiarity with MITRE ATT&CK Framework, adversary TTPs, and threat intelligence
• Knowledge of malware analysis techniques and tools
• Demonstrated experience in IT best practices regarding application, enterprise system, and network security
• Ability to create and maintain documentation to include internal processes, procedures, relevant instructions, policies, and guidance
• Ability to be on call for incident response
• Strong technical writing skills
• Strong analytical and problem-solving skills to investigate and resolve security incidents.
• Strong attention to detail to identify security vulnerabilities and anomalies
• Excellent communication skills to effectively communicate with team members, management, and other stakeholders
• Adaptability and willingness to learn new technologies and methodologies
