Washington, DC

Incident Response - Malware/Reverse Engineer

Position: Incident Response - Reverse Engineer/Malware Analyst
Location: Washington DC (Metro Accessible)
Onsite: Hybrid (2 days a week)
Duration: Long Term Contract

Overview:

  • 8+ years of Incident Response experience, preferably in a large and/or global organization.
  • Remediate security incidents and respond to suspicious emails.
  • Develop recommendations intended to enhance security over the medium-to-long term planning horizon.
  • Automate Security incident and threat hunting runbooks using XSOAR.
  • Document Security incidents reports and forensic reports.
  • Modification skills, preferably with Python.
  • Bachelor's degree in computer science, information technology, systems engineering, or a related field.
  • Commensurate certification preferred.


Objectives:

  • Participate in all the phases of incident response process, including detection, containment, eradication, and post-incident reporting.
  • Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures.
  • Timely identification, collection, correlation, and dissemination of threat intelligence through the use of various security systems (e.g. SIEM system, IDS/IPS, scanners).
  • Detect and respond to intrusion or security breaches.
  • Perform malware analysis, using available tools, techniques and standard operating procedures.
  • Document vulnerabilities and exploits used while analyzing malware.
  • Perform research on vulnerabilities, exploits, and zero-day malware, then provide early alerts to the Security Engineering team along with a mitigation strategy.
  • Ensure the accuracy and integrity of information throughout reporting.
  • Assist the Incident response lead in developing and setting up frameworks for developing incident response toolkit.
  • Assist in the designing and development of tools for detection, protection, containment of malicious activity.
  • Monitor access control and authorization systems and practices.
  • Conduct research pertaining to the malware, intrusions, etc. and the latest techniques for combating them.
  • Respond to day-to-day security requests relating to LogRhythm operations.
  • Support Security Engineers in developing data and reports.
  • Provide escalated response and support to intrusion or security breach investigations.
  • Automate security management processes including alerting, network management.
  • Assess, design, and recommend security incident avoidance platform based on systems resiliency models.
  • Monitor access control and authorization systems and practices of security architecture.
  • Identify commonalities and differences between malware samples for purposes of grouping or classifying for attribution purposes.
  • Provide technical input on threat and vulnerability risks.
  • Support all aspects of Security Information and Event Management initiative.
  • Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
  • Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities.
  • Tune LogRhythm performance and event data quality to maximize LogRhythm system efficiency and detection capabilities.
  • Continuously improve the security monitoring program leveraging log analysis, data mining and security alerting (SIEM).
  • Assist analysts using LogRhythm and other tools to detect and respond to IT security incidents.
  • Must be able to support data collection from a large, complex server and network infrastructure and user base.
  • Periodically review an existing intelligence feed maintained in SIEM tool to remove false positives.
  • Configure Security rules and policies in Azure services and ensure alerting is configured via MCAS.
  • Leverage Azure Advanced Threat hunting and KQL to perform investigation on the alerts that are generated and escalated by Security Monitoring.
  • Perform disk and memory forensics using AccessData and EnCase.
  • Perform Top-talker analysis and identify anomalies using Riverbed solution.

Recommended Skills

  • Access Controls
  • Architecture
  • Automation
  • Computer Security
  • Data Collection
  • Data Quality