Incident Response Senior Consultant

About CyberArk: CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

CyberArk is seeking a highly skilled Digital Forensics and Incident Response (DFIR) Consultant to join our team. In this role you will be a hands-on technical leader and navigate complex technical incidents, forensics analysis, threat hunting, and malware analysis. You will assist customers in rapidly and effectively resolving security incidents at scale, providing comprehensive incident response, including investigation, containment, and crisis management.

Responsibilities:

• Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time.
• Develop Incident Response initiatives that improve our ability to respond and remediate security incidents effectively.
• Tracing malware activity and patterns and understanding how to remove malware non-destructively.
• Recognize attacker Tools, Tactics, and Procedures (TTP) and Indicators of Compromise (IOC) and apply to future incident response events.
• Analyze binary files to determine the legitimacy and extract IOCs when possible.
• Conducting forensic examinations on physical devices and performing analyses on live and collected memory.
• Create and refine detection and incident response playbooks.
• Collaborate with internal and customer teams to investigate and contain incidents.
• Produce high-quality written reports, presentations, and recommendations, to key stakeholders including customer leadership, and legal counsel.
• Establishing a collaborative environment for sharing data on machine timelines and suspicious events.
• Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence.

Qualifications:

• 4+ years’ experience working with incident investigations and containment procedures.
• 4+ years’ experience with network, disk, memory, and cloud forensics.
• Minimum 1 year of experience leading Incident Response investigations and performing the following: network/log forensics, malware analysis, disk forensics, and memory forensics.
• Excellent time and project management skills with strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely.
• Skilled in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration to achieve shared objectives.
• Experienced deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS System Manager, Azure Automation, Ansible, Puppet, JAMF, and scripts.
• Experienced with the following: EDRs such as CrowdStrike Falcon, SentinelOne, MDE, leading projects and debriefing customers, creating and modification of scripts, enterprise security architecture and security controls, cloud incidents and forensic responses, malware triage analysis and disk or memory forensics for Windows, macOS, or Linux, software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, CPO, and AWS System Manager.

Preferred experience:

• Collection tools such as Splunk, Kibana, or ELK Stack.
• Familiarity with collection tools like Splunk, Kibana, or the ELK Stack.

Preferred certifications:

We are proud to foster a diverse and inclusive workplace, where every individual's unique background, perspective, and contribution is celebrated. We believe that by embracing diversity, we drive innovation and create a stronger, more united team. Inclusion is at the heart of who we are and how we succeed. All qualified applicants will receive consideration for employment without regard to race, colour, age, religion, sex, sexual orientation, gender identity, or disability. Upon conditional offer of employment, candidates are required to complete a comprehensive background check as per our internal policy. CyberArk is an equal opportunities employer. If you would like any special arrangements made for your interview, please inform the EMEA Talent Acquisition team upon your application so that we may take steps to accommodate your needs.