Consultant
Title : Consultant, Managed Security
Work Location : US (Remote)
Reports To : Director, Managed Security
Travel : 0 - 5%
Business Hours : TBD
Summary :
We fight cybercrime. We protect Humanity. Since 2009, Kivu has provided incident response, risk management, and forensics investigation services to clients around the globe.
Kivu is well known in the cyber security industry for our high level of technical expertise and sound, practical business solutions.
We are a leading provider of managed services, incident response, and digital forensic services to corporate, government, and non-profits across North America and Europe.
If you have a passion for cyber-security and want to make a difference while growing your career and learning new skills, this role is for you!
Job Description :
The Managed Security Consultant is the backbone of our Managed Security business. As a member of our Managed Security Operations team, this individual provides Tier 1 and Tier 2 SOC analysis, alert triage, and threat hunting, and also assists in developing and delivering client briefings and reports.
This role also supports execution of Kivu's service roadmap by working with Senior Security Consultants to engineer new security service capabilities as well as mature and continually improve our current service offers.
Responsibilities include :
- Threat Detection and Monitoring : Operate and maintain security monitoring technologies, performing threat detection and alert triage as required.
- Threat Hunting : Proactively search customer environments for threats, identifying potential threat actor activity and significant risk exposure.
- Malware Analysis : Perform static and dynamic malware analysis to support our incident response and forensics business and to further triage events. Validate threat-actor-provided decryptors and other data in support of our counter-extortion, threat intelligence, and ransomware negotiation operations.
- Threat Intelligence and Deep / Dark Web Reporting : Collect threat intelligence on threat actor TTPs and integrate it into our operations; perform deep and dark web reconnaissance and searches for customer information as required.
- Incident Response : Provide incident remediation support and guidance to clients, and refer cases to our dedicated incident response and forensics team as needed.
- Vulnerability Scanning : Configure vulnerability scanning and reporting for our advanced-services clients, advising them on how to reduce their exposure and manage their risks.
- Service Evolution : Work with management and Senior Consultants to develop and document new or improved security operations and customer success processes.
- Roadmap Execution : Train on new security capabilities that increase value and reduce customer risk, while supporting the internal projects that build these new offers.
- Customer Success : Build and present customer reports and data on the security status of their environments.
Requirements :
- 3-5 years of experience in cybersecurity, with material experience operating within a SOC or equivalent.
- Understanding of cybersecurity concepts and hands-on exposure to security technologies such as EDR, SIEM, IDS / NDR, and others.
- Exposure to and understanding of network protocols, data on the wire, and dark web or covert channels.
- Familiarity with Unix / Linux / Mac / Windows operating systems, including bash and PowerShell.
- Demonstrated ability to think critically and independently while performing security triage and analyzing data for potential security alerts.
- Ability to document and explain technical details.
- Verbal and written English communication skills, with the ability to communicate relevant information to technical stakeholders.
Preferred Requirements :
- Exposure to host-based forensics, network forensics, malware analysis, and data breach response.
- Network penetration testing and manipulation of network infrastructure.
- Email, phone, or physical social-engineering assessments.
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby.
- Developing, extending, or modifying exploits, shellcode or exploit tools.
- Reverse engineering malware, data obfuscators, or ciphers.
Benefits :
Our competitive benefits include flexible PTO, a 4-day work week (for some roles), employer covered health insurance (where applicable), matching on retirement accounts, and more!