Senior Associate, Threat Detection, Cyber Risk
CDMX, Mexico
Kroll
As the leading independent provider of risk and financial advisory solutions, Kroll leverages our unique insights, data and technology to help clients stay ahead of complex demands. Click for more details.In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.
Kroll’s Cyber Risk team works on over 2,000 cases a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we help protect our client’s data, people, operations and reputation with innovative assessments, investigations, and intelligence. We are the only company in the world with the expertise and resources to deliver global, end-to-end cyber risk management, supporting organizations through every step of their journey toward cyber resilience.
Clients count on us for quick and expert support in the event of and in preparation against a cyber incident; from incident response to risk assessments, and complex forensics to breach notification and ID theft remediation we help clients – of all sizes – respond with confidence.
At Kroll, your work will help deliver clarity to our clients’ most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll.
This position is remote.
RESPONSIBILITIES:
We are looking for bright, motivated, and inquisitive minds to join our Kroll Responder 24x7 monitoring and response team who are experienced in and passionate about modern cyber threat hunting and active response. Our Senior Associates use leading endpoint detection and response tools to rapidly identify, investigate, and respond to threats and threat actors impacting systems and networks around the globe every day.
- Perform ongoing threat hunting, analysis, containment, and remediation of threats identified through advanced endpoint detection and response (EDR), endpoint prevention (EPP), SIEM, and related security tools.
- Collect and review relevant forensic artifacts to identify root cause and understand nature of threats.
- Develop written threat reports associated with events.
- Assist in ongoing research, development, and testing of enhanced threat detection and response tools, techniques, and indicators.
- Support incident engagement teams with active intrusion detection and response tasks.
- Conduct threat research, forensic analysis, and basic malware analysis of threats.
- Assist with questions regarding threat detections, EDR tools, deployment, and maintenance.
REQUIREMENTS:
- Bachelor’s degree or higher in Computer Science, Cyber Security, Computer Engineering, or similar technical degree.
- Minimum 3 years’ experience in threat hunting, detection, and response or equivalent experience.
- Ability to respond rapidly, multi-task, and communicate effectively both verbally and in writing with team members and engagement managers.
- Highly motivated, tenacious, assertive problem solver with a desire to analyze root cause and reach effective conclusions to active intrusions and incidents on an ongoing basis both individually and as part of larger response teams.
- Solid understanding of Windows operating system fundamentals, architecture (File System, registry, processes, binaries, DLL’s, etc.) and administration concepts. Similar understanding of MacOS and/or Linux a plus.
- Prior experience actively using endpoint threat detection and response (EDR) products to investigate threats such as Sentinel One, Crowdstrike Falcon, VMWare Carbon Black, Windows Defender ATP, Cortex XDR, Trend Micro XDR, or others.
- Understanding of common threat actor techniques, malware behavior and persistence mechanisms.
- Working knowledge of various scripting languages and tools (PowerShell, Python, VB, Yara)
- Working knowledge of TCP/IP and related networking concepts.
- Prior experience using Splunk or other SIEM solutions, intrusion detection solutions, or related security products.
- Relevant cyber security certifications a plus.
- Excellent written and verbal communication skills
- Availability for occasional after-hours, weekends, and/or holiday work in response to active incidents.
In order to be considered for a position, you must formally apply via careers.kroll.com.
Kroll is committed to equal opportunity and diversity, and recruits people based on merit.
#LI-CN1
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Carbon Black Computer Science CrowdStrike EDR Forensics Governance Incident response Intrusion detection Linux MacOS Malware Monitoring PowerShell Python Risk assessment Risk management Scripting SIEM Splunk TCP/IP Threat detection Threat Research VMware Windows XDR
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open IT Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs