Summary
This role provides deeper technical investigation capability for escalated incidents requiring host triage, evidence handling, forensic review, malware-related investigation, and incident reconstruction. It is intended for a lean SOC model where deeper technical support is needed for serious incidents, but without turning the role into a lab-only forensic position.
Key Responsibilities
- Perform further inquiry on actions taken for escalated events
- Conduct evidence collection, documentation, and basic forensic triage
- Take a look at suspicious files, processes, persistence techniques, and execution chains & artifacts on hosts
- Assist in malware triage and suspicious code execution analysis.
- Aid in timeline reconstruction and incident scoping
Correlate Host Findings with:
- CrowdStrike telemetry of endpoints,
- Network activity of FortiGate
- External attack patterns of Cloudflare
- AWS events
- Sentry runtime or application issues
- Mimecast email-borne compromise indicators
- Netskope web/cloud session activities
- Support the containment and escalation of significant endpoint-driven incidents
- Engaging external forensic resources as required
- Have defensible records of findings and handling of evidence
- 24×7 operations
Mandatory Expertise
- Digital Forensics & Incident Response
- Digital Forensics & Malware Analysis
Good to Have
- CrowdStrike and/or NetSkope
Optional
Preferred Additional Skills
- Host triage
- Process tree analysis
- Evidence preservation
- Malware analysis fundamentals
- Live response awareness
- Windows / Linux forensic artifacts
- Incident reconstruction
- Basic scripting (PowerShell / Python)
Preferred Certifications
- GCFA
- GCFE
- GCIH
- CHFI
- SC-200
Note: Interested candidates may send their resume to [email protected]. Only shortlisted applicants will be contacted.