DFIR Assistant Manager  

Overall scope of work:

• We are seeking a motivated and detail-oriented Incident Response and Threat Intelligence Technical Manager to join our dynamic team. This position is intended for individuals passionate about cybersecurity and eager to develop their skills in a supportive and collaborative environment. The successful candidate will become part of our Managed Security Services team and is responsible on investigating security incidents, analyzing digital evidence by performing disk forensics, performing threat intelligence by utilizing OSINT and dark web monitoring. This role also involves proactive threat hunting for undetected threats within an organization.

Responsibilities:

Digital Forensics & Incident Response (DFIR):

• Lead forensic investigations on compromised endpoints, servers, and cloud environments.
• Collect and analyze digital evidence from logs, disk images, memory dumps, and network traffic.
• Perform malware reverse engineering and root cause analysis to determine attack origins.
• Develop incident response playbooks, forensic reports, and lesson learned documentation.

Threat Intelligence and Threat Hunting:

• Conduct in-depth research on cyber threat actors, campaigns, and TTPs.
• Leverage open-source intelligence (OSINT), dark web monitoring, and cyber threat feeds to identify emerging threats.
• Correlate threat intelligence data with security alerts to improve detection capabilities.
• Provide strategic recommendations to security teams on threat mitigation.
• Perform proactive threat hunting across endpoints, network, and cloud environments.
• Identify and analyze anomalous behavior, lateral movement, and potential APT activities.

• Bachelor’s degree in information technology, Computer Science, Computer Engineering or related fields (or equivalent experience).
• Minimum of 4-5 years of hands-on experience in Digital Forensics, threat intelligence, and threat hunting.
• • Proficiency in using forensic tools like EnCase, FTK, Nuix, Autopsy and analyze disk images, memory dumps, and network traffic, MITRE ATT&CK framework.
• • Experience with incident response frameworks and methodologies and identify and assess threat actors, tactics, techniques, and procedures (TTPs).
• • Experience in containment, eradication, and recovery processes.
• • Proficient in analyzing logs from various sources (e.g., SIEM, firewalls, IDS/IPS, EDR platform).
• • Experience with platforms like MISP, ThreatConnect and Anomali and in gathering and analyzing publicly available information.
• • Proficient in identifying anomalies and indicators of compromise (IOCs).
• • Experience with threat hunting tools like Carbon Black, CrowdStrike, and SentinelOne.
• Required Certifications: (at least 1 of the following)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Reverse Engineering Malware (GREM)
  • Certified Threat Intelligence Analyst (CTIA)
  • Offensive Security Certified Professional (OSCP) or GIAC Penetration Tester (GPEN)