Digital Forensic & Incident Response (DFIR) Expert

Job Description:

Identifies, investigates, analyzes, and responds to cyber incidents within the SUSE environment in the full incident lifecycle. Drives continuous improvement by building internal threat intelligence, developing detection capabilities and performing threat hunting operations.

Responsibilities:

  • Coordinate and provide expert technical support to resolve cyber defense incidents from initial detection through final resolution.
  • Perform analysis of log data from a variety of sources (e.g., individual host logs, network traffic logs, EDR and IDS logs) to identify possible threats to network security, leveraging SIEM as required.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation).
  • Perform incident root cause analysis and capture lessons learned to drive continuous improvement.

Education and Experience Required:

  • Typically a minimum of 8 years of relevant hands-on experience.
  • Relevant university degree and/or recognized industry certifications are a plus, but not required.

Knowledge and Skills:

  • Ability to design an incident response plan for a hybrid (cloud and on-premises) environment.
  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection, SIEM & EDR technologies.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists) and hardening techniques.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks) and the MITRE ATT&CK framework.
  • Knowledge of malware analysis concepts and methodologies.

This job description has been designed according to the CISA NICE Framework for the Security Architect (Advanced): https://niccs.cisa.gov/workforce-development/cyber-security-workforce-f…

Job:

Information Technology

SUSE, the world’s largest independent open source software company, powers digital transformation with true open source technologies for the enterprise that simplify, modernize and accelerate traditional, cloud and edge solutions. SUSE collaborates with partners, communities and customers to deliver and support solutions that enable mission-critical business outcomes. SUSE’s container and cloud platforms, software-defined infrastructure, and artificial intelligence and edge computing solutions allow customers to create, deploy and manage workloads anywhere – on premises, hybrid and multi-cloud. For more information, visit www.suse.com.

Is a Remote Job?
No

SUSE is a global leader in innovative, reliable and enterprise-grade open source solutions, relied upon by more than 60% of the Fortune 500 to power their mission-critical workloads. We specialize in...