Incident Responder and Threat Hunter

Charlotte, NC, United States


Arista Networks


Company Description

Arista Networks is an industry leader in Cognitive Cloud Networking for mission-critical data center and campus environments. Our award-winning open source platforms deliver ultra-low latency, high availability, automated analytics and secure network solutions.

Our culture is founded on our core values, which resonate across all of our employees and include respect, integrity, teamwork, innovation, trust and passion for quality. In fact, quality is the most important attribute of our products. Why? Really simple: when the network ain't working, ain't nothing working!

Job Description

Awake's mission is to protect companies from advanced cyber-attacks and to help their security teams operate with maximum efficiency. Our approach is simply different from what is available today, and we aim to create a world-class, enduring capability to help protect the information assets that enhance our lives and careers.

Awake is made up of customer-focused professionals with best-in-class industry experience. Our team of extremely talented and friendly individuals is looking for new members who are passionate, motivated, and most of all, enjoy working closely with customers to ensure their success.

Responsibilities:

  • Lead and deliver client Incident Response (IR) and Compromise Assessment (CA) engagements

  • Continue to expand and develop the incident response practice by enhancing deliverables and mentoring new employees

  • Conduct Digital Forensics and Incident Response (DFIR) analysis, network log and PCAP analysis, malware triage, and other investigation-related activities in support of IR and CA engagements

  • Scope and contain incidents using Endpoint Detection and Response (EDR) tools and Awake's Network Detection and Response (NDR) appliances

  • Assist Awake's clients by advising on and helping to implement IR & CA remediation plans

  • Collect, process, automate, and analyze network and endpoint forensic artifacts

  • Develop scripts and tools to automate the analysis of forensic artifacts and other response tasks

  • Evolve existing Awake Labs methodologies to enhance and improve our DFIR practice

  • Assist with client incident scoping calls and participate in the incident from kickoff through containment and remediation

  • Provide training, present to small groups, write blog posts, and speak at conferences such as Black Hat and BSides

  • Write executive and technical reports for client engagements

Qualifications

  • 5 or more years of DFIR experience as a consultant
  • Understands the forensic artifacts themselves (what they record and why) rather than only the output of a particular tool
  • Proficient with host-based (Windows, Mac and/or Linux) forensic triage and analysis
  • Proficient with network-based hunting and analysis
  • Proficient at threat hunting
  • Ability to conduct dynamic malware analysis to quickly understand a sample's behavior and the indicators of compromise (IOCs) it generates
  • Ability to work independently or as part of a collaborative team effort
  • Excellent consulting and customer-facing skills

Desired Skills

  • Ability to run tabletop incident response exercises
  • Strong understanding of network security concepts
  • Cloud (AWS, Azure, GCP, and O365) DFIR experience
  • Experience with Python, Go, C#/.NET and/or PowerShell
  • Familiar with consuming and/or writing APIs
  • Familiar with Splunk, ELK, and/or other SIEM/big data tools (familiarity with the ELK stack is particularly desired, especially the ability to write performant Lucene queries and create Logstash filters to ingest data)
  • Familiar with writing Sigma rules
  • Familiar with multiple EDR solutions
  • Familiar with case management tools such as TheHive
  • Familiar with forensic collection tools such as CyLR and Velociraptor
  • CREST Certified in incident response
  • SANS Certified in incident response

Perks and Benefits

  • Competitive salary, quarterly bonus opportunities, and company equity
  • Talented and friendly teammates
  • Comprehensive medical, dental and vision
  • Flexible work hours and unlimited vacation

Additional Information

All your information will be kept confidential according to EEO guidelines.

Where legally permitted, Arista requires all candidates for U.S.-based positions to be fully vaccinated against COVID-19 or to have an approved accommodation under applicable law. Candidates anticipating seeking an exemption should contact Arista HR before their start date. Candidates accepting an offer must provide proof of vaccination status on their first day. All offers of employment are contingent upon complying with Arista's vaccination policy.

Tags: Analytics APIs AWS Azure Big Data C Cloud CREST DFIR EDR ELK Forensics GCP Incident response Linux Malware Network security Open Source PCAP PowerShell Python SANS SIEM Splunk Windows

Perks/benefits: Competitive pay Conferences Equity Flex hours Flex vacation Health care Salary bonus Unlimited paid time off

Region: North America
Country: United States