Incident Response Lead

  • Fairfax (Linn)
  • IT development

Job Description

Incident Response Lead

Position Description
The Incident Response Lead is part of the Global Advanced Threat Management Office conducting cyber research, threat hunting, incident response, forensics analysis, red team operations, malware reverse engineering and innovations.
The candidate should be able to demonstrate a thorough understanding of cyber security and in-depth knowledge and experience of incident response, computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, threat actors, and forensic methodologies and tools. The candidate shall keep up to date with advanced cyber concepts.
The Advanced Threat Management Office is CGI’s global corporate multi-disciplinary team of highly skilled experts across various geographies, whose primary objective is to manage advanced cyber security threats.
This is a global position and work will be performed from a CGI regional office with limited travel. Due to the nature of the role some flexible working is afforded to the successful applicant.
This role is primarily centered around providing Incident Response Technical Leadership in the North American region.

Your future duties and responsibilities
Incident Response
The person is responsible for leading the in-depth investigation of networks and host analysis to analyze and determine the attack vector, establish a timeline of activity, and identify the extent of the compromise.
The individual should be able to work effectively with minimal support from management and the other regional incident response leads.
The individual will be responsible for leading Incident Response Technical Investigations from start to finish. This will include:
• Determination of the scope of a technical incident response engagement during Incident Management meetings.
• Working with the Incident Management team to deliver recommendations and remediation plans following the investigation of an incident.
• Producing both technical reporting and management level reporting on each engagement.
• Ensuring that the GSOC Blue Team Leader is kept fully up to date with the progress of any incident response engagement.
• Championing the use of CGI’s IR processes and information tracking methodologies.
The individual will also be responsible, along with the other regional IR leads and the CGI GSOC Blue Team lead, for helping to ensure the continual development of CGI’s incident response capability and of the wider GSOC capabilities.

Forensics
The person will be responsible for collecting endpoint or network evidence using forensically sound procedures and for documenting evidence handling with chain-of-custody procedures, in order to determine the attack vector, establish a timeline of activity, and identify the extent of the compromise. This work is performed in an evidential manner to support potential litigation requirements.
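The two checks that make a collection defensible in the paragraph above, hashing the evidence at acquisition and keeping a chain-of-custody record, as an added example. This is illustration code, not CGI's own tooling or process; the file names, examiner names and case identifier are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash and copy in 1 MiB chunks so large images are never loaded whole


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def acquire(source, image, examiner, case_id, evidence_id):
    """Copy source to image, verify the copy hashes to the original, open a custody record.

    The hash is taken before and after the copy; a mismatch means the acquisition is not
    sound and must not be used. The image is made read-only once verified.
    """
    source_hash = sha256_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            dst.write(chunk)
    image_hash = sha256_file(image)
    if image_hash != source_hash:
        raise RuntimeError(f"acquisition failed: {source_hash} != {image_hash}")
    os.chmod(image, 0o444)
    return {
        "case_id": case_id,
        "evidence_id": evidence_id,
        "source": source,
        "image": image,
        "size_bytes": os.path.getsize(image),
        "sha256": image_hash,
        "custody": [{"at": now(), "action": "acquired", "by": examiner, "to": examiner}],
    }


def transfer(record, from_person, to_person, reason):
    """Append a hand-over; only the current custodian may hand the item on."""
    last = record["custody"][-1]
    if last["to"] != from_person:
        raise ValueError(f"{from_person} is not the current custodian ({last['to']})")
    record["custody"].append(
        {"at": now(), "action": "transferred", "by": from_person, "to": to_person, "reason": reason}
    )
    return record


def verify(record):
    """True if the image still matches its acquisition hash (unaltered since collection)."""
    return sha256_file(record["image"]) == record["sha256"]


def demo():
    """Acquire a constructed file, hand it over, verify, then detect tampering.

    Returns (verified_before_tamper, verified_after_tamper, number_of_custody_entries).
    """
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "suspect-volume.raw")   # constructed stand-in for a disk
        image = os.path.join(tmp, "evidence-001.raw")
        with open(source, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed sample evidence bytes\n")
        record = acquire(source, image, "examiner1", "IR-0001", "E-001")
        transfer(record, "examiner1", "examiner2", "malware triage")
        before = verify(record)
        # Simulate alteration of the image after hand-over; the stored hash exposes it.
        os.chmod(image, 0o644)
        with open(image, "ab") as f:
            f.write(b"X")
        after = verify(record)
        with open(os.path.join(tmp, "custody.json"), "w") as f:
            json.dump(record, f, indent=2)  # record kept alongside the image for the case file
        return before, after, len(record["custody"])
```

The hash is what lets a later reader (or a court) tie the analysed image to what was collected; the custody list is what shows who held it in between. Making the image read-only is a guard against accidental change only, not a substitute for the hash.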

Innovation
The person will work with the other members of the IR team to examine, develop and review IR methodologies, tools, systems or processes that may be used within CGI.

Threat Hunting
The person is responsible for performing analyst-driven investigations, rather than relying on signature- or rule-based detection mechanisms, by consulting CGI’s internal and other public threat intelligence sources. Hunting and investigating is proactive: seeking out IOCs and incidents rather than waiting to be alerted and then reacting. The person will analyze all kinds of data using sophisticated quantitative methods (such as statistics, machine learning, descriptive and predictive data mining, and simulation and optimization).
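The distinction drawn above between matching a threat-intelligence indicator and proactively looking for what no signature describes, as an added example. This is not CGI's code or data: the process-creation log lines, the IOC feed, and the host and user names are constructed for the demonstration, and the key=value log format is an assumption.

```python
import re
from collections import defaultdict

# Constructed process-creation events (hypothetical sample, not real telemetry).
# Each line: timestamp host user parent image dst ("-" when no network connection).
SAMPLE_LOG = """\
2024-03-01T09:58:02Z host=ws01 user=alice parent=explorer.exe image=outlook.exe dst=-
2024-03-01T09:59:40Z host=ws01 user=alice parent=outlook.exe image=winword.exe dst=-
2024-03-01T10:00:15Z host=ws01 user=alice parent=services.exe image=svchost.exe dst=-
2024-03-01T10:01:03Z host=ws02 user=bob parent=explorer.exe image=outlook.exe dst=-
2024-03-01T10:01:30Z host=ws02 user=bob parent=outlook.exe image=winword.exe dst=-
2024-03-01T10:01:55Z host=ws02 user=bob parent=explorer.exe image=chrome.exe dst=198.51.100.7
2024-03-01T10:02:11Z host=ws03 user=carol parent=explorer.exe image=outlook.exe dst=-
2024-03-01T10:02:25Z host=ws03 user=carol parent=outlook.exe image=winword.exe dst=-
2024-03-01T10:02:40Z host=ws03 user=carol parent=winword.exe image=powershell.exe dst=203.0.113.45
2024-03-01T10:02:58Z host=ws03 user=carol parent=powershell.exe image=svchosts.exe dst=203.0.113.45
2024-03-01T10:03:20Z host=ws03 user=carol parent=services.exe image=svchost.exe dst=-
2024-03-01T10:04:01Z host=ws04 user=dave parent=explorer.exe image=chrome.exe dst=198.51.100.7
2024-03-01T10:04:33Z host=ws04 user=dave parent=services.exe image=svchost.exe dst=-
2024-03-01T10:05:10Z host=ws05 user=erin parent=services.exe image=svchost.exe dst=-
"""

# Constructed threat-intelligence feed, standing in for internal and public sources.
IOCS = {"ip": {"203.0.113.45"}, "image": {"svchosts.exe"}}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_events(text):
    """Parse the key=value lines into dicts; '-' becomes None."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"ts": m.group("ts")}
        for tok in m.group("kv").split():
            key, _, val = tok.partition("=")
            ev[key] = None if val == "-" else val
        events.append(ev)
    return events


def ioc_matches(events, iocs=IOCS):
    """Reactive baseline: events touching a known-bad IP or file name."""
    return [e for e in events if e.get("dst") in iocs["ip"] or e.get("image") in iocs["image"]]


def rare_images(events, max_hosts=1):
    """Stack counting: images seen on at most max_hosts hosts across the fleet.

    Rarity is a lead for an analyst to triage, not a verdict; nothing here needs a signature.
    """
    hosts = defaultdict(set)
    for e in events:
        hosts[e["image"]].add(e["host"])
    return sorted(img for img, hs in hosts.items() if len(hs) <= max_hosts)


OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def office_spawning_shell(events):
    """Hypothesis-driven hunt: an Office application launching a scripting host."""
    return [e for e in events if e["parent"] in OFFICE and e["image"] in SHELLS]


def hunt(text=SAMPLE_LOG):
    """Run all three hunts over the log and return compact findings per technique."""
    events = parse_events(text)
    return {
        "ioc": [(e["host"], e["image"], e["dst"]) for e in ioc_matches(events)],
        "rare": rare_images(events),
        "office_shell": [(e["host"], e["parent"], e["image"]) for e in office_spawning_shell(events)],
    }
```

On the constructed data the IOC match and the two proactive hunts converge on the same host, which is the point: stacking would still surface the look-alike `svchosts.exe` and the Office-to-PowerShell chain on a day when the feed has no indicator for them.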

Malware Reverse Engineering and Research
The person will work with the team to examine malicious software to understand the nature of the threat. This task can involve reverse-engineering the compiled executable and examining how the program interacts with its environment using static or dynamic analysis.

Other
• Participate in innovation projects and technology evaluation, deployment and build
• Work with the team to define advanced threat processes and best practices
• Provide advanced threat awareness and education to members of the team
• Assist and mentor a diverse team of analysts in the Global SOC
• Assist the other GSOC teams as directed; these include the Red and Purple teams

Required qualifications to be successful in this role
The candidate should have proven expert level knowledge and experience in the following areas:
• Incident Response
• Incident Response technical leadership

The candidate should have expertise and strong experience (3+ years) in at least two of the following areas:
• Cyber Threat Hunting
• Forensics analysis (host, network)
• Static and/or Dynamic Malware analysis
• Reverse engineering
• Cyber research and Threat intelligence
• Cyber analysis with big data

Other essential requirements include:
• The candidate must have excellent working level skill in the English language, other languages are a bonus.
• The candidate must be located in North America.
• The candidate must provide a CV in English.
• Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
• Strong understanding of Windows/Linux/Unix operating systems.
• Strong understanding of Incident Response methodologies and tools, and proven experience and ability to deliver in complex Incident Response scenarios.
• Strong understanding of operating system and software vulnerabilities and exploitation techniques.
• SIEM experience (e.g. ArcSight, Splunk, LogPoint)
• Host analysis experience with forensics/EDR tools (EnCase, FireEye, Carbon Black, RSA ECAT, CrowdStrike, Endgame)
• Network analysis experience with network sensors (FireEye, Cisco, Fortinet, Trend Micro)
• Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering)
• Experience of utilizing threat intelligence sources
• Penetration testing experience
• Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines.
• Programming languages: C/C++, Python, Ruby, Assembly, Bash, PowerShell
• User investigations, behavioral analysis technology and/or processes
• Incident Response Certifications (Various)
Desirables
• Degree in IT Security, Engineering or Technology related fields a major plus, or equivalent industry experience.
• Knowledge of malware packing, obfuscation, persistence, exfiltration techniques.
• Experience with tools: IDA Pro, radare2, OllyDbg, WinDBG.
• Experience using other big data analysis platforms and the development of advanced queries used to interrogate big data sources.
• Experience with Machine Learning & Artificial Intelligence
• Any formal certification in Incident Response, Incident Management or Digital Forensics Investigations.

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at www.cgi.com.

No unsolicited agency referrals please.

CGI is an equal opportunity employer.

Skills

·  Incident Response
·  Communication (Oral/Written)

Reference

671120
