Incident Responder and Threat Hunter
Charlotte, NC, United States
Applications have closed
Arista Networks
Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments. Arista's award-winning platforms, ranging in Ethernet speeds from 10 to 100 gigabits per...
Company Description
Arista Networks is an industry leader in Cognitive Cloud Networking for mission critical data center and campus environments. Our award winning open source platforms deliver ultra low latency, high availability, automated analytics and secure network solutions.
Our culture is founded on our core values, which resonate across all of our employees and include respect, integrity, teamwork, innovation, trust and passion for quality. In fact, quality is the most important attribute of our products. Why? Really simple: when the network ain't working, ain't nothing working!
Job Description
Awake's mission is to protect companies from advanced cyber-attacks and to help their security teams operate with maximum efficiency. Our approach is simply different from what is available today, and we aim to create a world-class, enduring capability to help protect the information assets that enhance our lives and careers.
Awake is comprised of customer focused professionals with best-in-class industry experience. Our team of extremely talented and friendly individuals is looking for new members who are passionate, motivated, and most of all, enjoy working closely with customers to ensure their success.
Responsibilities:
Lead and deliver client Incident Response (IR) and Compromise Assessment (CA) engagements
Continue to expand and develop the incident response practice by enhancing deliverables and mentoring new employees
Conduct Digital Forensics and Incident Response (DFIR) analysis, network log and PCAP analysis, malware triage, and other investigation-related activities in support of IR & CA engagements
Scope and contain incidents using Endpoint Detection and Response (EDR) tools and Awake's Network Detection and Response (NDR) appliances
Assist Awake's clients by advising on and helping to implement IR & CA remediation plans
Collect, process, automate, and analyze network and endpoint forensic artifacts
Develop code scripts and tools to automate the analysis of forensic artifacts and other response solutions
Evolve existing Awake Labs methodologies to enhance and improve our DFIR practice
Assist with client incident scoping calls as well as participating in the incident from kickoff through containment and remediation
Provide training, present to small groups, write blogs, and speak at conferences such as Black Hat and BSides
Write executive and technical reports for client engagements
Qualifications
- 5 or more years of DFIR experience as a consultant
- An individual who understands forensic artifacts themselves rather than just a tool
- Proficient with host-based (Windows, Mac and/or Linux) forensic triage and analysis
- Proficient with network-based hunting and analysis
- Proficient at threat hunting
- Ability to conduct dynamic malware analysis to gain a quick understanding of malware and understand the IOCs generated
- Ability to work independently or as part of a collaborative team effort
- Excellent consulting and customer-facing skills
Desired Skills
- Ability to perform tabletop incident response exercises
- Strong understanding of network security concepts
- Cloud (AWS, Azure, GCP, and O365) DFIR experience
- Experience with Python, Go, C#/.NET and/or PowerShell
- Familiar with consuming and/or writing APIs
- Familiar with Splunk, ELK, and/or other SIEM/big data tools (familiarity with the ELK stack is particularly desired, especially having the ability to write performant Lucene queries and create Logstash filters to ingest data).
- Familiar with writing SIGMA rules.
- Familiar with multiple EDR solutions.
- Familiar with case management tools such as TheHive.
- Familiar with forensic collection tools such as CyLR and Velociraptor.
- CREST Certified in incident response
- SANS Certified in incident response
Perks and Benefits
- Competitive salary, quarterly bonus opportunities, and company equity
- Talented and friendly teammates
- Comprehensive medical, dental and vision
- Flexible work hours and unlimited vacation
Additional Information
All your information will be kept confidential according to EEO guidelines.
Where legally permitted, Arista requires all candidates for U.S.-based positions to be fully vaccinated against Covid-19 or have an approved accommodation under applicable law. Candidates anticipating seeking an exemption should contact Arista HR before their start date. Candidates accepting an offer must provide proof of vaccination status on their first day. All offers of employment are contingent upon complying with Arista's vaccination policy.
Tags: Analytics APIs AWS Azure Big Data C Cloud CREST DFIR EDR ELK Forensics GCP Incident response Linux Malware Network security Open Source PCAP PowerShell Python SANS SIEM Splunk Windows
Perks/benefits: Competitive pay Conferences Equity Flex hours Flex vacation Health care Salary bonus Unlimited paid time off