DFIR Expert

Israel, Global SOC Operations

Description

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.

CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services. 

About this Role

  • Supervise the DFIR service provided to customers from end to end.
  • Develop the integrations and response workflows to align with the company’s goals.

Expectations from this role:

  • Define and drive the incident readiness of customers’ environments to reduce the risk of future incidents.
  • Availability to work 24/7 to solve escalated incidents and be the highest escalation point for all Operations teams.
  • Orchestrate SOC collaborations with the company’s holistic approach to assist with the quick identification of an attack, minimize its effects, contain damage, and remediate the threat.
  • Dictate the best practice for response workflows and procedures to achieve quick resolution for escalated cyber incidents.
  • Increase the customer’s security posture level in a post-incident environment.

Typical performance measures: 

  • Increase productivity and efficiency of the service by focusing on automating response activities.
  • Initiate and push for collaboration between SOC teams to drive proactivity in all aspects of the Operations work.
  • Engage with sales teams to drive potential customers to purchase the service and increase CyberProof’s margin goals.

Performance Areas: 

  • Supervise the team's activities to deliver high-performance service during an incident crisis, taking into account the team members' skills, capacity, team tasks, and incident urgency.
  • Innovate new processes and workflows to address complex threats and risks.

Requirements

Skills:

  • Proven experience of 5+ years in Incident Response or Threat Hunting, including strong skills in forensics and the investigation of network, endpoint, and cloud logs.
  • Ability to manage critical employees under pressure.
  • Ability to manage incidents and collaborate with several team activities in parallel streams to handle incidents holistically.
  • Proven experience in dynamic and static malware analysis and the ability to extract malicious behavior indicators.
  • Deep and proven knowledge and understanding of attacks and compromise footprints.
  • Deep and proven knowledge of baseline operating system internals, network communications, and user behavior.
  • Critical thinking, problem-solving skills, and innovative way of thinking.
  • Action-oriented, with a proactive approach to solving issues.
  • Good time management skills, and written and oral communication skills.
  • Excellent organization and attention to detail.

Knowledge:

  • Must have a deep understanding of computer intrusion activities, incident response techniques, tools, and procedures
  • Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking (including TCP/IP, DNS, HTTP, SMTP)
  • Knowledge of operating systems essentials including Linux/Unix and Windows
  • Excellent knowledge of threat intelligence
  • Familiarity with ethical hacking
  • Experience with programming languages such as Python and PowerShell

Certifications which may be valuable:

  • GIAC Certified Incident Handler (GCIH)
  • Certified Information Systems Security Professional (CISSP)
  • CERT-Certified Computer Security Incident Handler (CERT-CSIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Reverse Engineering Analyst (CREA)

I love the fact that I learn new things at work every single day. But it’s more than that. With each new cyber threat we encounter, I have this feeling that we’re going ‘head-to-head’ against the hackers – that we are going to find a way to solve the problem, to beat those hackers.


– Asaf Haski, Senior Cyber Threat Intelligence Analyst