Advyz – Senior Incident Response Consultant
New cybersecurity threats are constantly surfacing, and countless organizations are being targeted every day. As we frequently see in the news, attempts to prevent attacks do not always work, and so the need for incident response is more critical than ever. Come join an organization dedicated to helping its clients become better prepared to handle these incidents and face today’s cyber threats.
At Entisys360, you will have the opportunity to harness your experience and skills to fortify the incident response capabilities of not just one organization, but many, and in fields that truly matter such as healthcare, financial services, and others. Your impact will be broad as you enable your clients to respond to incidents efficiently, effectively, and with confidence.
As an integral part of Entisys360’s growing cyber risk division, you will be able to shape the direction of our cyber risk business and explore innovative approaches and technologies for detecting, responding to, and recovering from incidents. You will be empowered to make a true impact on our business, our clients, and the cybersecurity industry.
Entisys360 is a dynamic and entrepreneurial consulting company that offers ample opportunities for professional development and growth suited to each individual’s personal and professional goals. We offer internal trainings, subsidize external trainings, and reimburse the cost of technology certification exams and/or renewals. Our family-founded business sees work-life fit as a core value that all of our practitioners practice – the value you add to your team is more important than the time that you ‘clock in and out.’ You will have numerous opportunities to interface with senior leadership, and benefit from mentorship internally or through introductions to external networks to support your growth.
The work you will do for our clients
- Leverage your experience and knowledge of incident response leading practices and frameworks (e.g., NIST SP 800-61, SANS, MITRE ATT&CK) to assist in the assessment and development of incident response capabilities across all phases of the incident lifecycle (preparation through eradication)
- Build presentations and other materials for client presentations and workshops, and support their delivery
- Identify and recommend technologies to support client incident response processes, and work with technology partners to facilitate their implementation
- Develop and refine incident response policies, standards, plans, playbooks, and standard operating procedures based on client needs
- Support the testing of incident response capabilities through tabletop exercises and other simulations
- Work with our delivery partners to conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc., create detailed and insightful incident reports, and assist in identifying and remediating gaps
- Provide guidance and advice regarding cyber incidents, forensics, and incident response
- Monitor and report on progress in completing projects and deliverables
The work you will do for our business
- Maintain awareness and understanding of evolving threats and intrusion trends to provide subject matter expertise and insight to clients about industry attack trends and defenses
- Maintain awareness of technologies that support the incident response process, and the relative strengths and weaknesses of those technologies
- Identify and attend training to keep skills up to date
- Create methods and frameworks to support sales of our professional services
- Build presales materials such as proposals and statements of work
- Support pre- and post-sales meetings and presentations with our clients
- Consistently deliver engagements against established schedules and budgets, coordinating with our team and delivery partners
- Help to build eminence materials and support their publication and delivery
- Identify opportunities to improve our internal processes and recommend changes
- Mentor and motivate team members to provide outstanding client service
- Help define and bring to market new offerings and capabilities
- Understand the scope of services provided by our cyber risk division and identify opportunities within our client base to deliver more services
- Bachelor’s degree in cybersecurity or other related discipline and 5+ years of cybersecurity experience
- Minimum of 3 years of experience in two or more of the following:
  - Incident response and handling
  - Computer/network forensics
  - Data/network analysis
  - Malware analysis
  - Intrusion analysis and prevention
  - Security operations
- Experience with computer/network forensics tools (e.g., EnCase, Magnet, Wireshark)
- Experience with SIEM/Log Management tools (e.g., Splunk, Sumo Logic, Exabeam, Elastic, Sentinel)
- Experience with one or more Infrastructure-as-a-Service (“IaaS”), Platform-as-a-Service (“PaaS”), or Software-as-a-Service (“SaaS”) providers such as Microsoft and Amazon Web Services
- One or more industry certifications: CISSP, GCIH, GCFA, GCDA, CHFI, GNFA, etc.
- Willing and able to travel to client locations up to 50%
- Strong oral and written communication skills
- Ability to gauge the audience and speak at appropriate levels
- Ability to put complex concepts in a clear and concise form
- Delivery of presentations to both small and large groups, and in virtual or in person settings
- Excellent time management skills
- Ability to set priorities and meet obligations in a timely manner
- Background check required
The following list gives examples of desired skills; the most competitive candidates will have a combination of these skills but are not required to have all of them.
- Master’s degree in cybersecurity or other related discipline
- 5+ years of cybersecurity experience as a consultant
- Deep understanding of network defense principles, common attack vectors, incident response methodologies, log analysis, and attacker techniques
- Expert knowledge of incident response guidance and tools such as NIST 800-61 or SANS Incident Response Process
- Experience with using MITRE ATT&CK, particularly in the context of Incident Response
- Experience with enterprise security products such as Endpoint Detection and Response (“EDR”), network intrusion detection/prevention systems (“NIPS” or “NIDS”), and Security Orchestration, Automation, and Response (“SOAR”) products
- Experience performing Incident Response services over cloud services (IaaS, PaaS, SaaS)
- Experience with security services of major cloud providers
- Ability to deliver multiple projects at a time
- Two or more industry certifications: CISSP, GCIH, GCFA, GCDA, CHFI, GNFA, etc.
- One forensics certification: EnCE, MCFE
- Ideally located in Southern California or expected travel up to 50% post COVID-19 travel restrictions
- Due to demands of our clients, we are presently implementing a COVID-19 vaccination policy that requires vaccinations for all employees
This is a client facing role. You will be required to travel to client locations up to 50% to deliver professional services when needed.