Kroll, a division of Duff & Phelps and part of the Governance, Risk, Investigations and Disputes business unit, is the leading global provider of risk solutions. For more than 45 years, Kroll has helped clients make confident risk management decisions about people, assets, operations and security through a wide range of investigations, cyber security, due diligence and compliance, physical and operational security, and data and information management services.
Kroll's Cyber Risk team works on thousands of cybersecurity related incidents and engagements a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we can help protect our client's data, people, operations and reputation with innovative investigations, response and proactive assessments.
Our clients also count on us for rapid, expert support in the event of a cyber incident or attack; we help clients of all sizes respond to incidents and restore stability through deep incident response, investigations, and digital forensics services as well as through eDiscovery, breach notification, identity monitoring and restoration services for individuals affected by a data breach.
This position is remote.
RESPONSIBILITIES:
We are looking for bright, motivated, and inquisitive minds to join our Kroll Responder 24x7 monitoring and response team who are experienced in and passionate about modern cyber threat hunting and active response. Our Senior Associates use leading endpoint detection and response tools to rapidly identify, investigate, and respond to threats and threat actors impacting systems and networks around the globe every day.
Perform ongoing threat hunting, analysis, containment, and remediation of threats identified through advanced endpoint detection and response (EDR), endpoint prevention (EPP), SIEM, and related security tools.
Collect and review relevant forensic artifacts to identify root cause and understand nature of threats.
Develop and communicate written and verbal threat reports associated with events to customers.
Assist in ongoing research, development, and testing of enhanced threat detection and response tools, techniques, and indicators.
Support incident engagement teams with active intrusion detection and response tasks.
Conduct threat research, forensic analysis, and basic malware analysis of threats.
Actively participate in related client meetings and teleconferences.
Assist clients with questions regarding threat detections, EDR tools, deployment, and maintenance.
REQUIREMENTS:
Bachelor's degree or higher in Computer Science, Cyber Security, Computer Engineering, or similar technical degree.
Minimum 3 years' experience in threat hunting, detection, and response or equivalent experience.
Ability to respond rapidly, multi-task, and communicate effectively both verbally and in writing with customers, team members, and engagement managers.
Highly motivated, tenacious, assertive problem solver with a desire to analyze root cause and reach effective conclusions to active intrusions and incidents on an ongoing basis both individually and as part of larger response teams.
Solid understanding of Windows operating system fundamentals, architecture (File System, registry, processes, binaries, DLL's, etc.) and administration concepts. Similar understanding of MacOS and/or Linux a plus.
Prior experience actively using endpoint threat detection and response (EDR) products to investigate threats such as VMWare Carbon Black, Windows Defender ATP, Crowdstrike Falcon, Sentinel One, Trend Micro XDR, Tanium, or others.
Understanding of common threat actor techniques, malware behavior and persistence mechanisms.
Working knowledge of various scripting languages and tools (PowerShell, Python, VB, Yara)
Working knowledge of TCP/IP and related networking concepts.
Prior experience using Splunk or other SIEM solutions, intrusion detection solutions, or related security products.
Relevant cyber security certifications including CISSP, GCIA, GCIH, GCFA, GMON, or GREM a plus.
Excellent written and verbal communication skills
Availability for occasional after-hours, weekends, and/or holiday work in response to active incidents.
