Senior DFIR Analyst

Splunk

Plano, TX

Industry: Technology

5 - 7 years

Posted 61 days ago


Responsibilities:

  • Build strong relationships with business owners and service providers from across Splunk
  • Triage, call out, and contain computer security incidents from across multiple Splunk environments, including segmented public cloud environments
  • Develop and test incident response playbooks
  • Provide digital forensics services including acquisition, analysis, and reporting for Linux, OSX, and Windows endpoints
  • Conduct log analysis across a diverse ecosystem of technology to locate root cause of incidents
  • Create and execute planned and ad-hoc threat hunting missions, which may transition into new detections
  • Research and keep up to date on threat actors and new TTPs
  • Write detailed incident reports and deliver presentations to key business partners
  • Participate in after action reviews and contribute to improvements in the overall security posture of Splunk

Requirements:

  • 5+ years professional IT or IT Security experience; or 3 years and a Master’s degree
  • 2 years or more of experience as a full time incident responder or forensic analyst
  • Knowledge of network security monitoring capabilities including Suricata/Snort signatures, session analysis, and full packet collection
  • Knowledge of detecting threat actors across the entire cyber kill chain
  • Working knowledge of conducting forensic investigations
  • Ability to perform basic static and dynamic malware analysis
  • Working knowledge of Cloud technologies
  • Ability to multitask, prioritize, and take charge
  • Demonstrated history of solving problems with no obvious solutions
  • Good interpersonal skills and ability to see things through the customer’s eyes
  • Solid attention to detail
  • Bachelor’s degree in computer science, information security, or a related discipline, or equivalent work experience