Cyber Security Analyst III

Company Overview

PacketWatch is a privately-owned boutique cybersecurity consulting firm that delivers enterprise-class security services to identify, detect, and respond to cyber-threats that have circumvented traditional information security controls. Our experienced consultants, threat hunters, forensic experts, and cyber security analysts help organizations gain confidence in their security posture with assessment, managed security, and incident response services. The team uses a proprietary full-packet-capture network monitoring, analysis, and investigation platform to improve the visibility of network anomalies, enrich cases with intelligence, and resolve complex incidents quickly. 

Responsibilities

As a senior member of the Service Delivery Team, the Cyber Security Analyst III is an expert in hunting, triaging, analyzing, and investigating potential security incidents and threats across our diverse client base. Major duties include: leading complex security incidents and investigations; client onboarding activities; conducting host forensics, network forensics, log analysis, and malware triage in support of incident response investigations; utilizing PacketWatch and third-party endpoint detection and response technologies to conduct large-scale investigations and examine endpoint and network-based sources of evidence; recognizing and codifying attacker TTPs (tools, tactics, and procedures) and IOCs (indicators of compromise) for application to concurrent or future investigations; building scripts, queries, or methodologies to facilitate incident investigation processes; developing and presenting readable yet comprehensive and accurate reports and presentations for both technical and executive audiences; and working with clients' security and IT operations teams to implement remediation plans in response to incidents. The Cyber Security Analyst III works closely with less experienced analysts to proactively investigate complex or advanced incidents and identify threats, vulnerabilities, and exploits (threat analysis, threat hunting, intrusion analysis).

Requirements / Profile

The ideal candidate will:

  • Be passionate about cyber security, finding threats, identifying new detection techniques, and providing excellent client support and satisfaction;
  • Enjoy the details of day-to-day tactical execution of threat hunting, intrusion analysis, and incident response;
  • Be a self-driven, team-oriented, and highly motivated technology professional with appropriate experience in endpoint security analysis, network security monitoring (NSM), Security Incident and Event Management (SIEM) systems, next-generation security devices, forensics, and incident response;
  • Possess deep technical knowledge and a sense of urgency, and be able to interact extensively with clients and partners using a confident tone and professional etiquette;
  • See the big picture, understand evolving attacker behavior and motivations, participate in and manage multiple client-facing projects, and help train/mentor other security consultants;
  • Possess sound business acumen, strong consulting skills, and current technical skills, and be adept at leading multiple projects under tight deadlines;
  • Take responsibility for customer satisfaction and overall success of IR/MDR services;
  • Be available, ready, and able to accept incoming calls, respond in a timely manner to client requests and security events, adhere to policies, procedures, and security best practices;
  • Document actions and effectively communicate information internally and to customers; and
  • Develop improvements for operational playbooks, tools, detection capabilities, workflows, and train and mentor fellow security engineers and security analysts.

Qualifications for Success

  • Bachelor's Degree (or equivalent experience) with 5 or more years of technical experience
  • Experience with at least three of the following:
    • Windows disk and memory forensics;
    • Network security monitoring, network traffic analysis, and log analysis;
    • OSX or Linux disk and memory forensics;
    • Static and dynamic malware analysis;
    • Thorough understanding of enterprise security controls in Active Directory/Windows environments;
    • Cloud (AWS, Azure, M365) security controls, logs, tools, and forensics; or
    • Experience building scripts, tools, or methodologies to enhance investigation processes
  • Additional Qualifications:
    • Ability to solve problems effectively and communicate investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clients;
    • Ability to develop documentation and explain technical details in a concise, understandable manner;
    • Strong time management skills to balance time among multiple tasks, and to lead junior staff when required; and
    • Must be able to work in the US without sponsorship

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Cyber Security Analyst III position to careers@packetwatch.com

Cyber Security Analyst I (Specialist)

Responsibilities

As a customer-facing member of the Service Delivery Team, the Cyber Security Analyst I (Specialist) will: perform initial triage, investigation, and escalations; investigate alerts and alarms to provide details for the incident response team; serve as an initial point of contact for investigation and remediation; assess vulnerability and threat data from a variety of sources to provide actionable intelligence to internal consumers; implement countermeasures and maintain and enhance the defenses for internal information systems and resources; and act as the front line of defense for internal and clients' assets, with clear vision and situational awareness in a persistent, dynamic, and highly complex threat environment.

In addition, the Cyber Security Analyst I (Specialist) will:

  • Utilize PacketWatch and third-party endpoint detection and response technologies to investigate, assess, and remediate endpoint and network-based threats;
  • Utilize related security automation and orchestration tools to communicate security events and incidents to the applicable Incident Response Team personnel and/or management, and recommend security actions according to daily checklists;
  • Perform initial investigations on mixed Linux, Mac, and Microsoft Windows environments, including network devices, databases, web services, and enterprise applications;
  • Coordinate with internal infrastructure support teams to maintain/troubleshoot security tools and monitoring integrity;
  • Provide front-line support for PacketWatch MDR and IR clients as required;
  • Work as part of a larger dynamic team in a contributive, supportive, and respectful manner; and
  • Document actions taken and observed IOCs, and maintain metrics and proper reporting of observations.

Requirements / Profile

The ideal candidate will be passionate about cyber security, assessing threats, detecting adversary tactics and techniques, and providing excellent client support and satisfaction. He or she will enjoy the details of day-to-day tactical execution of monitoring, intrusion analysis, and incident response. He or she must be a self-driven, team-oriented, and highly motivated technology professional with some experience in endpoint security analysis, network security monitoring (NSM), Security Incident and Event Management (SIEM) systems, next-generation security devices, forensics, and/or incident response.

The successful candidate will possess the following required skills/attributes:

  • Possess a core understanding of security concepts and techniques, with demonstrated knowledge of networking (TCP/IP, topology, and security), operating systems (Windows/Mac/Linux), and web technologies (IIS, Apache);
  • Demonstrated ability to collect, read and interpret system data, including, but not limited to, security event logs, system logs, and firewall logs;
  • Grasps and applies new information quickly and handles complex assignments; communicates well; demonstrates initiative on assignments, demonstrating problem solving skills; exercises independent judgment and professionally executes projects with little direction; and
  • Ability to work weekends, holidays, or non-traditional schedules as needed. Must be able to work in the US without sponsorship.

Qualifications for Success

  • Hands-on administrative experience with major operating systems (Windows, OSX, Linux);
  • Traditional network monitoring experience (packet/protocol analysis);
  • Foundational experience in any of the following areas: hardware, networking, authentication, architecture, protocols, file systems and operating systems, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), network security monitoring (NSM), SIEM, endpoint detection and response systems, vulnerability management, incident response, and investigations and remediation;
  • Relevant industry certifications (e.g. CISSP, GSEC, GCIH or Sec+, MCSE, CCNA, CWNA, and/or Net+);
  • Knowledge of trouble isolation, log analysis, and data and event correlation and analysis;
  • Competence with scripting languages and technologies (PowerShell, Python, Ruby, Java);
  • Ability to develop documentation and explain technical details in a concise, understandable manner; and
  • Strong time management skills to balance time among multiple tasks.

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Cyber Security Analyst I (Specialist) position to careers@packetwatch.com

Senior Software Engineer

Responsibilities

As a member of the Product Development Team, the Senior Software Engineer will:

  • Work with a small team of engineers and developers to ensure timely delivery of features and enhancements against a product roadmap while adhering to best coding practices.
  • Regularly assess current dashboard functionality, modules, and data visualizations, and suggest improvements and new ways to engage with collected data.
  • Lead and engage in architectural reviews, documentation, code reviews, and peer feedback on design, integrated tools, code modules, and code efficiency.
  • Be available to provide high-level response and insight into customer issues and customer integration strategies for the Sales Team and other direct customer-facing team members.
  • Contribute to technical design documents and communicate the architectural impact across functional areas, from customer-facing product to internal-only processes and tools.
  • Develop code, contribute to product design, and provide guidance regarding efficiency opportunities.
  • Comply with coding standards, application security, and IP protections, and assist other team members on compliance.

Requirements / Profile

The successful candidate will possess the following characteristics:

  • Strong analytical and problem-solving skills.
  • Self-starter with excellent interpersonal, motivational, and facilitation skills.
  • Excellent communication skills, both verbal and written. Loves to explain the technology and has a gift for concisely explaining complex topics.
  • Committed to a culture of continuous improvement.
  • Exceptional customer service skills, in addition to extensive experience working in a team-oriented, collaborative environment.
  • Ability to effectively prioritize and execute tasks on time.
  • Passionate about technology.

In addition, the successful candidate will possess the following technical skills:

  • Strong and demonstrable knowledge of multi-tenant web application development, with an emphasis on the presentation and visualization of data from large-scale sources, and a minimum of 5 years of development experience.
  • Strong and demonstrable experience with 3 or more of the following languages and toolsets:
    • Web development using Flutter, React, NodeJS, or AngularJS;
    • Database experience using MariaDB, PostgreSQL, Cassandra, CockroachDB, or other;
    • Experience with IDS tools such as Zeek, Suricata, and/or Snort;
    • Experience developing and deploying large-scale Elasticsearch systems, including experience with Kibana, Logstash, Kafka, and Beats;
    • Development experience with Java, Go, Python, and Redis;
    • Familiarity with Jira/Atlassian;
    • REST API development experience;
    • Strong Git version control skills; and/or
    • Strong Linux, Bash, and automation skills.
  • Strong and demonstrable knowledge of networking concepts, including TCP/IP and TLS.
  • Familiarity with Test-Driven Development practices in an agile environment.
  • Experience working with and refactoring existing code.
  • Solid understanding of application vulnerabilities and security.
  • Must be able to work in the US without sponsorship.

Location

Scottsdale, Arizona, United States

Apply

Send your resume and cover letter for this Senior Software Engineer position to careers@packetwatch.com