POSITION

EDR & Senior Intrusion Analyst at Secureworks (DC-0002)

Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations daily. Protecting our clients from threat actors attempting to compromise their environments.Working as a Senior Intrusion Analyst in an operation center environment with other security and networking professionals, you will extend your currently existing network and endpoint forensic analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments.

You will actively investigate threat actor activity, malware infections, living off the land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as
recommendations.

Role Responsibilities

  • Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations
  • Provide customers with understandable context around their security environment and threats
  • Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
  • Work with client and internal Secureworks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
  • Provide mentorship to Secureworks team members and clients on security strategy, tactics, techniques, and procedures
  • Use the Secureworks platform to proactivity hunt for and investigate activity within the client environment
  • Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise

Requirements

  • Significant experience with and expert understanding of:
    • Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
    • Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP,
      UDP, ICMP, JSON, REST, etc.)
    • Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
  • Experience with one or more of the following platforms: Carbon Black, CrowdStrike, Redline, Lastline, RSA ECAT,
    etc.
  • Network-based security tools (e.g. tcpdump, wireshark, etc.)
    //Secureworks/Confidential – Limited External Distribution
  • Experience with and strong understanding of:
    • Performing both endpoint and network-based investigations
    • Reviewing logs to identify evidence of past intrusions
    • Pivot off indicators within networks to identify the scope and breadth of attacks
    • Operating system and application exploits
    • Lateral movement, living-off-the-land, and persistence establishment mechanisms
    • Detection of anomalous system activity
    • Incident response and incident handling processes
    • Strong technical communication skills, both written and verbal
    • Attention to detail and great organizational and time management skills
    • Excellent problem-solving skills that would allow for the ability to diagnose and troubleshoot technical issues
    • Client-focused with a passion for delivering service excellence
  • Experience in one or more of the following:
    • Penetration testing
    • Vulnerability discovery and assessment
    • Incident Handling
    • Digital forensics

Education/Experience

4-6 years of relevant experience or equivalent combination of education and work experience:

  • Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security
  • Relevant work experience in security related field

Preferred

Preferred Certifications: GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE, eLearn THP or similar certification preferred

Nice to have skills

  • Demonstrated track record of identifying and pursuing strategic and complex areas of security research in collaboration with internal and external stakeholders at all levels.
  • Malware analysis sandboxes and tools (e.g. Cuckoo, etc.)
  • Regular expressions

Sponsors & Partners

They help us make this conference possible.

POWERED BY

At Orange Business Services, we help our customers transform their industries, reimagine their services, create a positive impact and unleash the power of their data into an amazing and trusted resource.

With the dual expertise as a global operator coupled with the agility of an end-to-end integrator, Orange Business Services is a global network-native, digital services company. From connectivity, smart mobility services and the cloud to artificial intelligence (AI), analytics and cybersecurity, Orange Business Services helps businesses at every stage of their data management. Orange Business Services is represented in Romania by the business division of Orange Romania and helps large companies, SMEs and public authorities to transform their organizations through the use of technology and digital information.

www.orange.ro

Platinum Partners

Gold Partners

pentest tools defcamp

defcamp 2022 booking holdings

Silver Partners

siemens defcamp 2022

huawei defcamp 2022

Bronze Partner

zitec defcamp

HACKING VILLAGE PARTNERS
COMMUNITY & MEDIA PARTNERS