Job Description
Qualifications
- 5+ years of experience in a technical role in the areas of Security Operations, Malware analysis, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team
- Comfortable working with extremely large data sets for analysis and visualization, using tools and scripting languages such as: Excel, SQL, Python, Splunk Query Language, Kusto query language and PowerBI
- Ability to track, analyze, and brief on new and ongoing cyber-attacks in cloud infrastructure, with an understanding of AAD, ADFS and popular authentication/authorization protocols such as SAML, OAuth and OpenID Connect
- In-depth understanding of the latest cloud-based techniques used by attackers for persistence, privilege escalation, defense evasion and lateral movement in platforms such as Azure AD, Office 365 and Google Workspace
- Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
- Advanced experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers) and advanced knowledge of operating system internals and security mechanisms
- Excellent cross-group and interpersonal skills, with the ability to articulate the business need for detection improvements and a strong ability to use data to "tell a story"
The following additional experiences are favorable, but not required:
- Technical BS degree preferred in Computer Science, Computer Engineering, Information Security, Mathematics, or Physics
- Experience with system administration in a large enterprise environment including Windows and Linux servers, along with workstations, network and cloud administration; for example, expertise in EDR (Microsoft Defender for Endpoint), MDO, MDI, MCAS, MTP or M365D
- 1+ years of experience developing software or tools using C++, C#, Python, Ruby, Kusto, or similar
- Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models
- Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks
- Experience with advanced persistent threats and human adversary compromises
- Additional advanced technical degrees or cyber security-based certifications such as CISSP, OSCP, CEH, or GIAC certifications
Job ID: 119436