DFIR Lead

2 weeks ago


Dubai, Dubai, United Arab Emirates Help AG Full time

Help AG is looking for a talented and enthusiastic individual to join as a DFIR Lead for our Defense Operations team within our Managed Security Services (MSS) business unit.

If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you.


The DFIR Lead will be responsible for leading the DFIR team and delivering off-site and on-site incident response engagements for customers. This includes leveraging multiple security technologies, guiding customers through the handling of security incidents, and examining IT and security systems with best-practice digital forensic methods to detect, validate and mitigate IT security incidents.


Responsibilities:

  • Lead and mentor the DFIR team and handle its day-to-day management tasks.
  • Lead and coordinate incident response activities in unfamiliar customer environments, including triage, containment, eradication, and remediation.
  • Conduct in-depth forensic investigations to determine the root cause of security incidents and breaches.
  • Develop and maintain standard incident response plans, best practices, policies, and procedures.
  • Develop custom incident response plans tied to specific environments and customer situations.
  • Collaborate with cross-functional teams, including IT, legal, and management, to ensure a coordinated response to security incidents.
  • Examine and analyse logs and data from a broad variety of security technologies, such as (but not limited to) antivirus, IDS/IPS, firewalls, switches, VPNs and other security data and log sources.
  • Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images.
  • Reverse engineer malicious software and develop signatures and indicators of compromise.
  • Actively develop incident response tools, scripts, and various detection content.
  • Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts.
  • Articulate and execute common incident response methodologies (e.g. the SANS incident handling process).
  • Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
  • Work onsite as required with clients during Live Security Incidents (could be out of country).
  • Maintain a high degree of awareness of the current threat landscape.
  • Champion excellence and support others in delivering it through active knowledge sharing with team members, including writing technical articles for internal knowledge bases, blog posts and reports as required or requested.
  • Create and present customer reports to ensure quality, accuracy and value to the client.
  • Provide technical expertise and guidance to junior incident response and forensic investigation team members.
  • Stay current with industry trends, emerging threats, and best practices in incident response and digital forensics.
  • Perform other essential duties as assigned.

Qualifications & Skills:

  • A degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree.
  • A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
  • Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce.
  • Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts.
  • Static reverse engineering and analysis of malware for x86/x64 targets written in different languages (C, C#, Go, etc.), including signature development and YARA/Snort/Sigma rule writing.
  • Strong knowledge of Red Team tactics and the ability to find adversary traces at enterprise scale.
  • Rapid development in scripting languages: Python, PowerShell and Bash.
  • Deep TCP/IP knowledge, networking and security product experience.
  • Knowledge of attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc., and of possible abnormal activities, such as worms, Trojans, viruses, etc.
  • CISSP, GCIA, GCIH, GCFA, GCFE, GREM, OSCP certification would be preferable.
  • 10+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection.
  • Demonstrable experience in handling incident response engagements (APTs and ransomware) using the SANS incident response methodology (or similar).
  • Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/macOS Forensics, Penetration Testing, Active Directory and Azure Administration.
  • At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other analysts/security professionals how to handle security incidents.

Benefits:

  • Health insurance with one of the leading global providers for medical insura

