Incident responder:

o Cyber Crime Investigation and Digital Artifacts acquisition.
o Maintaining the procedures for Threat Handling, Incident Handling, and Forensics.
o Creation and Updating of Security Incident & Event Management (SIEM) Rules.
o Static & Dynamic Malware Analysis during IR.
o Discovering vulnerabilities and providing recommendations to avoid the damage.
o Handling multiple high-profile incidents related to spear phishing, web application attacks,
o Determine the timeline of the intrusion.
o Determine the initial method of compromise.
o Describe the overall attack methodology.
o Resolve the incident with proper analysis.
o Provide root cause and trend analysis for all incidents.
o Receive, document, and report cyber security events and incidents.
o Categorize incidents and implement corresponding escalation procedures.
o Communicate and coordinate incident response efforts.
o Analyze reports to understand threat campaign(s) techniques and lateral movements, and extract indicators of compromise (IOCs).

Respond to all cyber security scenarios such as, but not limited to:

o Service disruption and impact to the customer business (such as systems in a data center going offline).
o Huge and prolonged DDoS against critical assets that impacts the service delivered.
o Spreading virus infection impacting internal systems.
o Newly discovered Zero Day threats / vulnerabilities that could impact the customer's critical assets.
o Phishing campaign against the customer business.

Provide support for an unlimited number of incidents (no limit on the number of incidents). Comply with the incident response service methodology and internal customer processes including, but not limited to:

o Using best practice incident response technology.
o Threat identification.
o Incident scoping.
o Containment strategy.
o Evidence collection and forensic analysis.
o Remediation.
o Reporting.

Follow a well-defined process (based on the NIST incident handling guidelines). Support different types of data and incident collection mechanisms such as, but not limited to:

o Collection of live response data from systems.
o Collection of network forensic data.
o Intelligence collection.
o Initial identification of malicious activity as well as indicators of compromise.

Provide security simulation services for:

o Simulating real world attacks.
o Periodically assessing and advancing customer teams.

Evidence collected during the case is prepared for archival and provided to the customer along with the full report, executive presentations, and board presentations. Investigation reports must provide a comprehensive description and analysis of the incident and provide guidance for both executive and technical audiences. Reporting must include:

o Malicious code analysis.
o Attack timeline and taxonomy.
o Indicators of compromise related to the case.
o Analysis of identified threats and adversary profiles.
o Victimology.
o Root cause analysis.
o Steps taken to contain and eradicate the threat.
o Lessons learned.

Job Details
Job Location: Jubail, Saudi Arabia
Job Role: Information Technology
Company Industry: IT Services
Preferred Candidate Career Level: Mid Career