DFIR Section Head

Job description / Role

Description

The threat analysis and DFIR section head will lead a team responsible for developing, analyzing, and coordinating cyber threat intelligence. He or she will lead the team in conducting thorough digital forensic investigations and incident response activities to mitigate cybersecurity incidents effectively. He or she will also oversee malware analysis efforts to understand and counteract sophisticated threats. As a leader in the field, he or she will play a critical role in guiding the team toward effective threat mitigation strategies and ensuring the organization's cybersecurity posture remains resilient in the face of evolving threats.

Job duties:

• Lead digital forensic investigations and incident response efforts, ensuring timely identification, containment, eradication, and recovery from cyber incidents.
• Monitor and analyze digital evidence and network traffic for security incidents, leveraging honeypots to detect and study malicious activities and intrusions, enhancing our understanding of emerging threats and attack vectors.
• Manage the identification and analysis of threat actors and tactics, coordinating team efforts to uncover sophisticated attack methodologies and provide actionable insights for proactive threat mitigation.
• Plan and deploy digital forensic tools and resources, optimizing their utilization for efficient and accurate analysis. Additionally, oversee the digital forensic toolkit to address evolving cyber threats.
• Lead the creation and implementation of detailed incident response plans, collaborating across teams to refine strategies and ensure swift, effective responses to cyber incidents, increasing organizational resilience.
• Manage honeypots to gather threat intelligence, ensuring their deployment and maintenance. Utilize honeypot data to enhance understanding of emerging threats and adversary tactics.
• Oversee the collection and analysis of threat intelligence from various sources, collaborating to enhance organizational resilience against cyber threats.
• Generate timely incident reports and threat assessments, providing actionable insights to stakeholders and contributing to proactive defense strategies.
• Manage a team of analysts specializing in advanced malware analysis to identify, mitigate, and respond to malicious software threats effectively.
• Collaborate with cross-functional teams for incident response coordination, fostering a cohesive and proactive approach to cybersecurity.

Requirements

• Bachelor degree in computer science, computer engineering, or any related engineering degree.
• (8+) years in software development, automation, system engineering, information security, and DFIR.
• Good knowledge of threat intelligence standards and frameworks such as OpenIoC, STIX, TAXII, Yara, and detection rules.
• Knowledge of cyber threats, vulnerabilities, reverse engineering, regex, databases, and programming languages.
• Proficiency in analyzing advanced malware threats and identifying malicious software behaviors.
• Ability to perform static and dynamic malware analysis.
• Developing strategies to mitigate and respond to malware attacks effectively.
• Demonstrated ability to mentor and develop team members, fostering a culture of collaboration, innovation, and continuous learning.
• Proven experience in managing complex projects and initiatives, with a focus on delivering results within established timelines and budgets.
• In-depth understanding of automation and information security technologies and protocols.
• The ability to stay anonymous while surfing the public and dark web.
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of cybersecurity frameworks such as MITRE, NIST, and cyber kill chain.
• Knowledge of network security (e.g., encryption, next-gen firewalls, authentication, honeypots, perimeter protection).
• Ability to stay updated on the latest security threats, vulnerabilities, and industry trends.
• Knowledge of the Russian language is a plus.
• Knowledge of APT groups is a plus.