Role Responsibilities

• Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations
• Provide customers with understandable context around their security environment and threats
• Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
• Work with client and internal Secureworks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
• Provide mentorship to Secureworks team members and clients on security strategy, tactics, techniques, and procedures
• Use the Secureworks platform to proactivity hunt for and investigate activity within the client environment
• Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise

Requirements

• Significant experience with and expert understanding of:
  • Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
  • Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP,
    UDP, ICMP, JSON, REST, etc.)
  • Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
• Experience with one or more of the following platforms: Carbon Black, CrowdStrike, Redline, Lastline, RSA ECAT,
  etc.
• Network-based security tools (e.g. tcpdump, wireshark, etc.)
  //Secureworks/Confidential – Limited External Distribution
• Experience with and strong understanding of:
  • Performing both endpoint and network-based investigations
  • Reviewing logs to identify evidence of past intrusions
  • Pivot off indicators within networks to identify the scope and breadth of attacks
  • Operating system and application exploits
  • Lateral movement, living-off-the-land, and persistence establishment mechanisms
  • Detection of anomalous system activity
  • Incident response and incident handling processes
  • Strong technical communication skills, both written and verbal
  • Attention to detail and great organizational and time management skills
  • Excellent problem-solving skills that would allow for the ability to diagnose and troubleshoot technical issues
  • Client-focused with a passion for delivering service excellence
• Experience in one or more of the following:
  • Penetration testing
  • Vulnerability discovery and assessment
  • Incident Handling
  • Digital forensics