TPC0106003
Digital Forensics and Incident Response Specialist
Singapore
Permanent, Full Time
Our client is seeking a Specialist in Digital Forensics and Incident Response. The incumbent will be responsible for Incident Response & Digital Forensics, Threat Hunting, Security Monitoring & SIEM Analysis, Reporting, Documentation and Compliance.
Job Description:
• Incident Response & Digital Forensics
o Lead/Manage end-to-end incident handling, including triage, containment, eradication, recovery, and post-incident analysis
o Perform disk, memory, and network forensics to analyze security breaches and compromised systems
o Utilize forensic tools to collect and analyze evidence
o Collaborate with SOC analysts to analyze security alerts, determine attack vectors, and assess impact
o Maintain a forensic evidence chain of custody and generate comprehensive reports
• Threat Hunting
o Conduct adversary tracking and IOC (Indicators of Compromise) analysis
o Develop and execute proactive threat hunting strategies based on MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK), Tactics, Techniques and Procedures (TTPs), and anomaly detection
o Lead and participate in threat modeling exercises to anticipate and mitigate potential risks
o Investigate malicious network traffic, anomalous user behavior, and suspicious system events
o Assist in automating threat hunting processes using Python, PowerShell, and KQL queries
• Security Monitoring & SIEM Analysis
o Analyze alerts generated by the SIEM
o Develop custom SIEM correlation rules, dashboards, and detection use cases
o Write queries for advanced log analytics and hunting in Azure Sentinel
o Create custom SIEM correlation rules and dashboards to improve SOC visibility
• Reporting, Documentation & Compliance
o Document and maintain incident response playbooks, standard operating procedures (SOPs) and best practices
o Generate detailed forensic and threat intelligence reports for internal stakeholders and executive leadership
o Maintain compliance with standards such as ISO 27001
o Contribute to training and awareness programs for SOC teams and colleagues
Skill sets:
• Good knowledge of Windows, Linux and macOS forensic artifacts and investigation methodologies
• Possess a foundation in Internet protocols (TCP/IP) and security concepts
• Proficiency in disk, memory, and network forensic analysis
• Hands-on experience with SIEM, EDR (Endpoint Detection & Response), XDR, and forensic tools
• Familiarity with MITRE ATT&CK, Cyber Kill Chain, Diamond Model, and threat modeling methodologies
• Scripting skills (Python, PowerShell, or Bash) for automation and log analysis
• Ability to understand and analyze log and network packet data (incl. SNARE, CEF, PCAP and Netflow)
• Possess a foundation in security threats and attack countermeasures
• Strong analytical, investigative, and problem-solving skills with attention to detail
• Possess time management and organizational skills
• Effective (written, oral, listening) communication skills
• Ability to build and maintain cross-functional relationships with a variety of stakeholders
Education / Experience:
• Possess at least 3 years of relevant working experience in a SOC environment
• Familiar with DFIR & Threat Hunting Process SOP and Technical SOP
• Degree or Diploma in Cybersecurity with certification in one of the following:
o GIAC
o GCFA
o GCFE
o GCIH
o OSCP
o CEH
o CISSP
o CySA+
36 Robinson Road, #03-127
City House, Singapore 068877
©2025 by Third Party Consulting Pte. Ltd.
EA License No. 23C1931