Principle Cyber Incident Response/Security operations consultant | NY

Title: Principle Cyber Incident Response/Security Operations Location: NYC (Remote to start but will eventually require onsite work) Duration: 6-12+ months possible contract to hire Incident Response: In a scope of MITRE ATT&CK framework TTPs conduct incident response investigations

• 4 to 6 years of hands-on technical experience in cybersecurity IR and SOC
• Must have strong knowledge and 2-3 years of hands on experience with endpoint security technologies like FireEye, Crowdstrike, Windows Defender EDR
• Knowledge of network protocols such as TCP/IP, DHCP, DNS, and directory services; this includes analytic tool sets (e.g. WireShark, Fiddler, etc) and network file types (e.g. .har, .pcap, etc).
• Hands on experience in at least 3 of the following areas: network engineering, infrastructure management, desktop management, tier 2/3 help desk, server administration, email administration, or cloud administration.
• Can create simple Powershell, BASH, or Python scripts to automate cybersecurity functions and provide reports, where required. This includes appropriate API use into regular production services.

• AWS, Windows Defender, Windows ATP, FireEye, and Splunk experience ideal
• Security and cloud certifications (CISSP, eJPT, OSCP, CySA+, GCIA, Sec+, CEH, CCSP, AWS, Azure, Google Cloud Platform)
• Experience using programming/scripting languages (Python, Powershell, Bash)
• At least 2 years of experience in a large enterprise SOC environment, preferably in a consultant type role
• Any advanced white, red, purple, or blue team experience involving directed missions, custom tool creation, operations evaluation, and thinking like the attacker