Arete Incident Response is leading cyber-incident response and security provider. Our mission is to help our clients to reduce the burden of preparing for, detecting, and responding to cyber-incidents, while also deploying preventative measures before and post-incident. At Arete, you will have the opportunity to work alongside and learn from some of the top minds in the cyber industry. You will also know that you are contributing to the health and safety of organizations -- not only major corporations, but also critical services such as hospitals and local government.
Our culture is focused on personal growth, excellence in everything we do, and a commitment to giving back to our communities. We are an elite team of cyber superheroes that strives to make a positive impact on the world every day. We seek top talent to join our team and contribute together for our, and your, success.
As an Incident Response (IR) Restoration Technician, you are a part of the first responder service team who ensure we meet and exceed our service level agreements, and Arete’s “best practices.” Being on Arete’s Restoration team requires the ability to be on call, and at the ready to deploy at a moment's notice. In this role, you are a first responder to cybercrime attacks, impacting hundreds of small and midsize clients across the US, every day.
Roles & Responsibilities
- Act as a team member providing incident response & analysis services involving both on-site/deployed and remote/lab-based activities.
- Analyze events, alerts, and logs from both network (proxies, firewalls, IDPS, SentinelOne, network forensics) and endpoint computing devices (smart devices, laptops, workstations servers) for tactical IR purposes to identify malicious and activity of interest.
- Analyze netflow and packet capture data.
- Provide critical guidance and skills on remediation tasks to reduce client downtime, specific to the attack type (variant). Intercept any problematic recommendations or decisions local IT might make to create further issues, complications, costs in reducing client downtime or destroy key artifacts for the Forensics investigation.
- Troubleshoot Arete’s recommended EDR tool SentinelOne (S1), to contain and stop any further spread of malware. Creating operational efficiency, reducing time and costs & client downtime.
- Facilitate Targeted Collection using local collection tools OnSite (send to the lab for processing, analysis) or assist Forensics leads with remote capture and Forensics Investigation and analysis. Flag systems that could have contained PII & PHI for collection and analysis.
- Assess network layout and architecture in context of responding to incidents for response and recovery.
- Execute Advanced Persistent Threat (APT) “hunting” / analysis operations.
- Formulate strategic mitigation recommendations and/or plans.
- Leverage working knowledge of IR frameworks for live forensics and analysis.
- Configure/execute sweep parameters using tools such as Mandiant Intelligent Response (MIR) or Google Rapid Response (GRR).
- Assist in managing IR engagements and communicating with customers and stakeholders.
- Develop final engagement reports and brief senior officials’ requirements.
- Up to 50% travel required.
- Other duties as assigned.
Skills and Experience Requirements
- 3+ years’ experience involving work directly related to listed skill areas and equivalent to abilities typically held by recent graduates with Bachelor’s degrees in a technical field OR;
- Bachelor’s Degree in a technical field
- Strong communications and technical writing skills
- Strong team player with the ability to conduct daily duties autonomously DESIRED
- Understanding and knowledge of various log formats from a variety of network and computer devices
- Familiarity with memory captures and analysis of them
- Experience and familiarity with tactical triage of binaries for surface and run time analysis for incident response purposes
- Understanding and working knowledge of common critical network protocols and layer 7 technologies such as SMTP, HTTP, HTTP/S, SSL/TLS, DNS, FTP, SSH, and others
- Familiarity with advanced persistent threats (APT) and their tactics, techniques, and procedures (TTPs)
- Familiarity with the Kill Chain™ for incident response
- Fundamental understanding of Windows, Mac OSX, and Linux operating systems
- Possess basic programming or scripting skills
- Fundamental understanding of OSI model, basic networking and troubleshooting concepts
- Familiarity with virtualization software
- CISSP, CEH, SANS/GIAC, or similar certifications
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.