Overview
Active Threat Assessment Consultant Responsibilities
Understand enterprise-wide policies and procedures for IT risk mitigation and incident response. Experience within incident response teams and managing projects across all phases of an engagement. Work as part of a team of experts with the abilities described below, able to work independently as well as within a larger internal and client-facing team. Proficiency in coding or scripting (PowerShell, Python, Bash) is advantageous.

Forensic Analysis & Incident Response Skills
Forensically assess Windows and Linux systems for evidence of compromise; knowledge of macOS forensics is beneficial. Knowledge of industry-standard forensic tools such as EnCase, FTK, X-Ways, and The Sleuth Kit. Experience performing log analysis both locally and via SIEM / log collection tools. Experience identifying threat indicators in enterprise networks and cloud environments. Experience with Endpoint Detection & Response (EDR) tools. Understand the behaviour, security risks, and controls of common network protocols; knowledge of typical Windows and Linux enterprise applications. Experience with Active Directory, Exchange, and Office 365 logs; knowledge of data analysis across networks. Experience with cloud computing platforms (IBM Cloud, AWS, GCP, or Azure). Experience writing clear reports for both technical and non-technical audiences. Knowledge of the ELK stack and / or Splunk for analysis of large data sets.

Assessment Experience
Analyze and evaluate client internal procedures to identify patterns and gaps at a tactical level; propose appropriate actions to strengthen the incident response program and overall cybersecurity posture.

Qualifications
Experience in threat assessment, incident response, and cybersecurity program development. Strong analytical and communication skills; ability to translate technical findings to non-technical stakeholders. Experience with Windows, Linux, and cloud environments; familiarity with enterprise tooling and security controls. Preferred : scripting proficiency (PowerShell, Python, Bash) and familiarity with EDR, SIEM, and log management.
Actor • Doha, Qatar