Cyber Security Analyst II


PacketWatch is a privately-owned cybersecurity consulting firm that delivers enterprise-class security services to identify, detect, and respond to cyber threats that have circumvented traditional information security controls. PacketWatch services use a proprietary full-packet capture, network monitoring, analysis, and investigation platform to visualize and discover abnormal network activity and patterns over time. Our cybersecurity experts, threat hunters, and analysts help midsize and enterprise organizations gain confidence in their security posture with assessment, managed security, and incident response services. Services include: PacketWatch Network Security Assessment (NSA); PacketWatch Managed Detection and Response (MDR); PacketWatch Enterprise; PacketWatch Incident Response (IR); PacketWatch Advisory Services.

All services are custom-configured, allowing our clients to leverage internal cybersecurity tools, resources, and procedures, as required. The PacketWatch dashboard provides information technology and cybersecurity professionals with total visibility of their network—integrating full packet capture, intrusion detection, extensive intelligence, and network replay to investigate unusual network activities. Our managed detection and response services allow midsize and enterprise clients to add threat hunting activities and expertise to their teams, quickly.

Responsibilities

As a member of the Security Team, the Cyber Security Analyst II is well-versed in hunting, triaging, analyzing, and investigating potential security incidents and threats across our diverse client base. Major duties include: supporting complex security incidents and investigations; conducting host forensics, network forensics, log analysis, and malware triage in support of incident response investigations; utilizing PacketWatch and third-party endpoint detection and response (EDR) technologies to conduct large-scale investigations and examine endpoint- and network-based sources of evidence; recognizing and codifying attacker TTPs (tools, tactics, and procedures) and IOCs (indicators of compromise) for application to concurrent or future investigations; building scripts, queries, or methodologies to facilitate incident investigation processes; developing and presenting readable yet comprehensive and accurate reports and presentations for both technical and executive audiences; and working with clients’ security and IT operations teams to implement remediation plans in response to incidents. The Cyber Security Analyst II works closely with the Team Leader and with other analysts to proactively investigate complex or advanced incidents and to identify threats, vulnerabilities, and exploits (threat analysis, threat hunting, intrusion analysis).

Requirements / Profile

The ideal candidate will:

  • Be passionate about cyber security, finding threats, identifying new detection techniques, and providing excellent client support and satisfaction;
  • Enjoy the details of day-to-day tactical execution of threat hunting, intrusion analysis, and incident response;
  • Be a self-driven, team-oriented, and highly motivated technology professional with appropriate experience in endpoint security analysis, network security monitoring (NSM), Security Information and Event Management (SIEM) systems, next-generation security devices, forensics, and incident response;
  • Possess deep technical knowledge and a sense of urgency, and be able to interact extensively with clients and partners using a confident tone and professional etiquette;
  • Be able to see the big picture, understand evolving attacker behavior and motivations, participate in and manage multiple client-facing projects, and help train/mentor other security consultants;
  • Possess sound business acumen, strong consulting skills, current technical skills and be adept in leading multiple projects under tight deadlines;
  • Take responsibility for customer satisfaction and overall success of IR/MDR services;
  • Be available, ready, and able to accept incoming work, respond in a timely manner to client requests and security events, adhere to policies, procedures, and security best practices;
  • Document actions and effectively communicate information internally and to customers; and
  • Develop improvements for operational playbooks, tools, detection capabilities, workflows, and train and mentor fellow security engineers and security analysts.

Qualifications for Success

  • Bachelor’s Degree (or equivalent experience) with 3 or more years of technical experience
    • Core Skills Required:
      • Network security monitoring;
      • Network traffic/packet analysis;
      • Log analysis (firewall, VPN, Windows event logs);
      • Thorough understanding of enterprise security controls and best practices in a Microsoft Active Directory environment.
    • Additional Related Skills:
      • Strong knowledge of Windows command-line tools;
      • Experience with Windows disk and memory forensics;
      • Linux or OSX disk and memory forensics;
      • Cloud (AWS, Azure, M365) security controls, logs, tools, and forensics; and
      • Experience with Python and/or PowerShell scripting environments and task automation.
  • Must be able to work in the US without sponsorship

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Cyber Security Analyst II position to careers@packetwatch.com

DevOps Engineer


Responsibilities

We are looking for a DevOps Engineer to help us build functional and scalable systems, improve customer experience, and integrate additional application functionality. The DevOps Engineer is comfortable rolling up their sleeves to design and code modules for infrastructure, applications, and processes. The DevOps Engineer’s responsibilities include deploying product updates, implementing data visualizations, identifying and resolving production issues, and implementing integrations on our product roadmap. Ultimately, you will document, execute, and automate operational processes quickly, accurately, and securely.

If you have a solid background in software engineering and are familiar with AWS, Terraform, Ansible, Python, PowerShell, and ElasticSearch or Splunk, we would like to meet you.

Requirements / Profile

The ideal candidate will:

  • Deploy and manage cloud infrastructure in AWS (using Terraform, Ansible, and other tools).
  • Deploy and manage application updates and fixes.
  • Deploy and manage large-scale ElasticSearch clusters.
  • Collaborate with cross-functional teams to debug and troubleshoot application issues.
  • Communicate with non-technical decision makers about infrastructure capabilities and risks, and champion a strong DevOps culture.
  • Build tools to reduce occurrences of errors and improve customer experience.
  • Develop software to integrate with internal back-end systems and third-party sources.
  • Investigate and resolve technical issues; perform root cause analysis for production errors.
  • Develop scripts and queries to enhance visualization of data from back-end systems.
  • Design procedures for system troubleshooting and maintenance.
  • Assist the program management team in establishing software release schedules and ensure deployment timeline targets are met.

Qualifications for Success

  • Bachelor’s degree or 5+ years of professional or military experience.
  • 5+ years of experience as a technical specialist.
  • 2+ years of hands-on experience programming in languages such as Python, Ruby, Go, Swift, Java, .Net, C++, or a similar object-oriented language.
  • Experience with automating cloud-native technologies, deploying applications, and provisioning infrastructure.
  • Hands-on experience with Infrastructure as Code, using CloudFormation, Terraform, or other tools.
  • Experience developing cloud-native CI/CD workflows and tools, such as Jenkins, Bamboo, AWS CodeDeploy, and/or GitLab.
  • Hands-on experience with microservices and distributed application architecture, such as containers, Kubernetes, and/or serverless technology.
  • Experience with the full software development lifecycle and delivery using Agile practices.
  • Experience with Chef, Puppet, Salt, and/or Ansible in production environments.
  • Knowledge of IP networking, VPNs, DNS, load balancing, and firewalls.
  • Experience with monitoring and log aggregation frameworks such as Kafka, Logstash, Splunk, ElasticSearch, and Kibana.
  • AWS certification(s) such as Solutions Architect Professional, DevOps Engineer Professional, SysOps Administrator, or Developer Associate.
  • Strong presentation, verbal communication, and written communication skills.

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this DevOps Engineer position to careers@packetwatch.com

Cyber Security Analyst I (Specialist)


Responsibilities

As a customer-facing member of the Service Delivery Team, the Cyber Security Analyst I (Specialist) will perform initial triage, investigation, and escalations; investigate alerts and alarms to provide details for the incident response team; serve as an initial point of contact for investigation and remediation; assess vulnerability and threat data from a variety of sources to provide actionable intelligence to internal consumers; implement countermeasures and maintain and enhance the defenses for internal information systems and resources; and act as the front line of defense for internal and clients’ assets, with clear vision and situational awareness in a persistent, dynamic, and highly complex threat environment.

In addition, the Cyber Security Analyst I (Specialist) will:

  • Utilize PacketWatch and third-party endpoint detection and response technologies to investigate, assess, and remediate endpoint- and network-based threats;
  • Utilize related security automation and orchestration tools to communicate security events and incidents to the applicable Incident Response Team personnel and/or management, and recommend security actions according to daily checklists;
  • Perform initial investigations in mixed Linux, Mac, and Microsoft Windows environments, including network devices, databases, web services, and enterprise applications;
  • Coordinate with internal infrastructure support teams to maintain/troubleshoot security tools and monitoring integrity;
  • Provide front-line support for PacketWatch MDR and IR clients as required;
  • Work as part of a larger dynamic team in a contributive, supportive, and respectful manner; and
  • Document actions taken and observed IOCs, and maintain metrics and proper reporting of observations.

Requirements / Profile

The ideal candidate will be passionate about cyber security, assessing threats, detecting adversary tactics and techniques, and providing excellent client support and satisfaction. He or she will enjoy the details of day-to-day tactical execution of monitoring, intrusion analysis, and incident response. He or she must be a self-driven, team-oriented, and highly motivated technology professional with some experience in endpoint security analysis, network security monitoring (NSM), Security Information and Event Management (SIEM) systems, next-generation security devices, forensics, and/or incident response.

The successful candidate will possess the following required skills/attributes:

  • A core understanding of security concepts and techniques, with demonstrated knowledge of networking (TCP/IP, topology, and security), operating systems (Windows/Mac/Linux), and web technologies (IIS, Apache);
  • Demonstrated ability to collect, read, and interpret system data, including, but not limited to, security event logs, system logs, and firewall logs;
  • Ability to grasp and apply new information quickly and handle complex assignments; communicate well; show initiative and problem-solving skills on assignments; and exercise independent judgment, professionally executing projects with little direction; and
  • Ability to work weekends, holidays, or non-traditional schedules as needed. Must be able to work in the US without sponsorship.

Qualifications for Success

  • Hands-on administrative experience with major operating systems (Windows, OSX, Linux);
  • Traditional network monitoring experience (packet/protocol analysis);
  • Foundational experience in any of the following areas: hardware, networking, authentication, architecture, protocols, file systems and operating systems, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), network security monitoring (NSM), SIEM, endpoint detection and response systems, vulnerability management, incident response, and investigation and remediation;
  • Relevant industry certifications (e.g. CISSP, GSEC, GCIH or Sec+, MCSE, CCNA, CWNA, and/or Net+);
  • Knowledge of trouble isolation, log analysis, and data and event correlation and analysis;
  • Competence with scripting languages and technologies (PowerShell, Python, Ruby, Java);
  • Ability to effectively develop documentation and explain technical details in a concise, understandable manner; and
  • Strong time management skills to balance time among multiple tasks.

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Cyber Security Analyst I (Specialist) position to careers@packetwatch.com

Cyber Security Analyst III


Responsibilities

As a senior member of the Service Delivery Team, the Cyber Security Analyst III is an expert in hunting, triaging, analyzing, and investigating potential security incidents and threats across our diverse client base. Major duties include: leading complex security incidents, investigations, and client onboarding activities; conducting host forensics, network forensics, log analysis, and malware triage in support of incident response investigations; utilizing PacketWatch and third-party endpoint detection and response technologies to conduct large-scale investigations and examine endpoint- and network-based sources of evidence; recognizing and codifying attacker TTPs (tools, tactics, and procedures) and IOCs (indicators of compromise) for application to concurrent or future investigations; building scripts, queries, or methodologies to facilitate incident investigation processes; developing and presenting readable yet comprehensive and accurate reports and presentations for both technical and executive audiences; and working with clients’ security and IT operations teams to implement remediation plans in response to incidents. The Cyber Security Analyst III works closely with less experienced analysts to proactively investigate complex or advanced incidents and to identify threats, vulnerabilities, and exploits (threat analysis, threat hunting, intrusion analysis).

Requirements / Profile

The ideal candidate will:

  • Be passionate about cyber security, finding threats, identifying new detection techniques, and providing excellent client support and satisfaction;
  • Enjoy the details of day-to-day tactical execution of threat hunting, intrusion analysis, and incident response;
  • Be a self-driven, team-oriented, and highly motivated technology professional with appropriate experience in endpoint security analysis, network security monitoring (NSM), Security Information and Event Management (SIEM) systems, next-generation security devices, forensics, and incident response;
  • Possess deep technical knowledge and a sense of urgency, and be able to interact extensively with clients and partners using a confident tone and professional etiquette;
  • Be able to see the big picture, understand evolving attacker behavior and motivations, participate in and manage multiple client-facing projects, and help train/mentor other security consultants;
  • Possess sound business acumen, strong consulting skills, and current technical skills, and be adept at leading multiple projects under tight deadlines;
  • Take responsibility for customer satisfaction and the overall success of IR/MDR services;
  • Be available, ready, and able to accept incoming calls, respond in a timely manner to client requests and security events, and adhere to policies, procedures, and security best practices;
  • Document actions and effectively communicate information internally and to customers; and
  • Develop improvements for operational playbooks, tools, detection capabilities, and workflows, and train and mentor fellow security engineers and security analysts.

Qualifications for Success

  • Bachelor’s Degree (or equivalent experience) with 5 or more years of technical experience
  • Experience with at least three of the following:
    • Windows disk and memory forensics;
    • Network security monitoring, network traffic analysis, and log analysis;
    • OSX or Linux disk and memory forensics;
    • Static and dynamic malware analysis;
    • Thorough understanding of enterprise security controls in Active Directory/Windows environments;
    • Cloud (AWS, Azure, M365) security controls, logs, tools, and forensics; or
    • Experience building scripts, tools, or methodologies to enhance investigation processes
  • Additional Qualifications:
    • Effectively solving problems and communicating investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clients;
    • Effectively developing documentation and explaining technical details in a concise, understandable manner;
    • Strong time management skills to balance time among multiple tasks and lead junior staff when required; and
    • Must be able to work in the US without sponsorship

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Cyber Security Analyst III position to careers@packetwatch.com

Senior Software Engineer


Responsibilities

As a member of the Product Development Team, the Senior Software Engineer will:

  • Work with a small team of engineers and developers to ensure timely delivery of features and enhancements against a product roadmap while adhering to best coding practices.
  • Regularly assess current dashboard functionality, modules, and data visualizations, and suggest improvements and new ways to engage with collected data.
  • Lead and engage in architectural reviews, documentation, code reviews, and peer feedback on design, integrated tools, code modules, and code efficiency.
  • Be available to provide high-level response and insight into customer issues and customer integration strategies for the Sales Team and other direct customer-facing team members.
  • Contribute to technical design documents and communication of the architectural impact across functional areas, from customer-facing product to internal-only processes/tools.
  • Develop code, contribute to product design, and provide guidance regarding efficiency opportunities.
  • Comply with coding standards, application security requirements, and IP protections, and assist other team members with compliance.

Requirements / Profile

The successful candidate will possess the following characteristics:

  • Strong analytical and problem-solving skills, and excellent verbal and written communication skills
  • Self-starter with excellent interpersonal, motivational, and facilitation skills
  • Excellent communication skills, both verbal and written; loves to explain the technology and has a gift for concisely explaining complex topics.
  • Committed to a culture of continuous improvement.
  • Exceptional customer service skills, in addition to extensive experience working in a team-oriented, collaborative environment.
  • Ability to effectively prioritize and execute tasks on time.
  • Passionate about technology.

In addition, the successful candidate will possess the following technical skills:

  • Strong and demonstrable knowledge of multi-tenant web application development with an emphasis on the presentation and visualization of data from large-scale sources, with a minimum of 5 years of development experience.
  • Strong and demonstrable experience with 3 or more of the following languages and toolsets:
    • Web development using Flutter, React, NodeJS, or AngularJS;
    • Database experience using MariaDB, PostgreSQL, Cassandra, CockroachDB, or other;
    • Experience with IDS tools such as Zeek, Suricata, and/or Snort;
    • Experience developing and deploying large-scale ElasticSearch systems, including experience with Kibana, Logstash, Kafka, and Beats;
    • Development experience with Java, Go, Python, and Redis;
    • Familiarity with Jira/Atlassian;
    • REST API development experience;
    • Strong Git version control skills; and/or
    • Strong Linux, Bash, and automation skills.
  • Strong and demonstrable knowledge of networking concepts, including TCP/IP and TLS.
  • Familiarity with Test-Driven Development practices in an agile environment.
  • Experience working with and refactoring existing code.
  • Solid understanding of application vulnerabilities and security.
  • Must be able to work in the US without sponsorship.

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Senior Software Engineer position to careers@packetwatch.com