SOC Researcher

Responsibilities

• Proactively hunt for Indicators of Compromise (IoCs), Indicators of Attack (IoAs), and Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) with a primary focus on endpoint activity and host-based telemetry
• Analyze endpoint data sources including EDR telemetry, system logs, process activity, file system changes, and memory artifacts to identify signs of malicious behavior and ongoing attacks
• Leverage host-based forensics and detection techniques to uncover stealthy threats and persistence mechanisms on endpoints
• Produce detailed incident reports and contribute to post-incident reviews and lessons learned in close collaboration with relevant teams

Mandatory expertise

• Practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future
• Understanding of the methods, tools and processes to respond to information security incidents
• Experience in network traffic and log-files analysis from various sources
• Knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response
• Practical experience in forensics artifact analysis (HDD and memory dumps)
• Candidates should possess strong written and oral communications skills
• Creation, validation, and deployment of correlation rules for SIEMs, signatures or rules for IDS/IPS/NGAV/NGFW
• Performing static or dynamic malware analysis, and interacting with data from malware analysis tools
• Experience with Use case management framework: MaGMa, MITRE ATT&CK, etc
• Knowledge of network protocols, the architectures of modern operating systems and information security technologies
• Proficiency in python or PowerShell scripting (for both localized automation and analysis of)