Cybersecurity Expert

Job Title: Cybersecurity Expert - Threat Intelligence

About Us:

We empower businesses to stay operational and resilient in a complex cybersecurity landscape. Breaches happen, but our cutting-edge platform helps minimize their impact by preventing ransomware and advanced malware spread.

We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected. Our innovative platform provides unparalleled visibility into traffic patterns between workloads, devices, and users, allowing businesses to enforce granular security perimeters, isolate key assets, and respond to threats with agility.

Company Overview:

We're a fast-growing cybersecurity company redefining the way enterprises protect their digital assets. Our market-leading platform enables Zero Trust security and real-time visibility into application traffic, ensuring robust protection against modern cyber threats.

Job Description:

• Analyzing security events using Splunk/Log Rhythm/Qradar and SIEM tools to detect IT security incidents.
• Knowledge of network and endpoint security, threat intelligence, and vulnerabilities.
• Conducting analysis of log files, including forensic analysis of system resource access.
• Reviewing customer reports to ensure quality and accuracy.
• Monitoring multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, networking and other security threat data sources.
• Sandboxes and malware analysis expertise.
• Knowledge of the Cyber Kill Chain and MITRE ATT&CK frameworks functionality.
• Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
• Advanced certifications like CISSP, OSCP, GCIH, GSOC, or GCIA are preferred.
• A high level of integrity, professionalism, and attention to detail.
• The ability to communicate complex security issues to peers and management alike.
• A motivated, self-managed individual who can demonstrate above-average analytical skills and work professionally under pressure.

Roles & Responsibilities:

• Mentoring junior analysts.
• Developing and maintaining SOC processes, playbooks, and standard operating procedures to ensure consistent and effective response to security events.
• Incident Analysis: Conducting detailed analysis of escalated security incidents.
• Coordination of end-to-end Security Incident management on escalated incidents, ensuring timely updates to stakeholders and efficient resolution of incidents, to achieve Root Cause Analysis (RCA).
• Threat Monitoring and Analysis: Monitoring security alerts and events using SIEM and other security tools.
• Leading proactive threat hunting to identify potential risks and vulnerabilities.
• Integrating threat intelligence feeds into platforms and staying updated on emerging threats.
• Collaboration: Creatively solving problems with SecOps, Platform, Delivery, IT, and Engineering team members.
• Monitoring and analyzing security events to detect and respond to threats.
• Ensuring timely and effective responses to security events, including RCA, containment, eradication, and recovery.
• Coordinating with other departments for clear communication and alignment.
• Forensic Analysis: Performing forensic analysis and malware analysis of Computers.
• Collecting and analyzing forensic artifacts, including memory and disk images to identify malicious activity.
• Gathering evidence for legal and investigative purposes.
• Continuously improving SOC operations by evaluating and implementing new tools, technologies, and methodologies.
• Automating workflows using PowerShell, regular expressions, and API.
• Integrating threat intelligence into SOC operations, ensuring awareness and preparedness for emerging threats.
• Overseeing the creation and refinement of detection rules, aligning them with the MITRE ATT&CK Framework.
• Leading efforts to identify gaps in monitoring and developing strategies to enhance detection capabilities.
• Working closely with IT and cybersecurity teams to ensure alignment on security strategies and initiatives.

Qualifications:

• Education: Bachelor's degree in Information Technology, Computer Science, Business, or Engineering is required, or equivalent experience.
• Certifications: Advanced certifications such as CISSP, OSCP, GCIH, GSOC, or GCIA.
• Incident Response Experience: 4+ years of experience in Cyber Incident response and investigations.
• Strong interpersonal skills with the ability to collaborate well with others.
• Excellent written, verbal, and communication skills.

Why Work with Us:

Work on a cutting-edge cybersecurity product in a fast-paced startup environment. Collaborate with a world-class team of engineers and security experts. Opportunity to learn, grow, and make a real impact from day one.