SOC Researcher
- Proactively hunt for Indicators of Compromise (IoCs), Indicators of Attack (IoAs), and Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) with a primary focus on endpoint activity and host-based telemetry
- Analyze endpoint data sources including EDR telemetry, system logs, process activity, file system changes, and memory artifacts to identify signs of malicious behavior and ongoing attacks
- Leverage host-based forensics and detection techniques to uncover stealthy threats and persistence mechanisms on endpoints
- Produce detailed incident reports and contribute to post-incident reviews and lessons learned in close collaboration with relevant teams
Mandatory expertise:
- Practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future
- Understanding of the methods, tools and processes to respond to information security incidents
- Experience in network traffic and log-files analysis from various sources
- Knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response
- Practical experience in forensics artefact analysis (HDD and memory dumps)
- Candidates should possess strong written and oral communications skills
Desirable expertise:
- Creation, validation, and deployment of correlation rules for SIEMs, signatures or rules for IDS/IPS/NGAV/NGFW
- Performing static or dynamic malware analysis, and interacting with data from malware analysis tools
- Experience with Use case management framework: MaGMa, MITRE ATT&CK, etc
- Knowledge of network protocols, the architectures of modern operating systems and information security technologies
- Proficiency in python or PowerShell scripting (for both localized automation and analysis of)
