Dfir Operational Leader - Remote

Summary

The Digital Forensics Incident Response (DFIR) Operational Leader will be responsible for overseeing operations related to the Security Operations Center (SOC), Cyber Threat Intelligence (CTI) and TA Communications (TA Comms) functions. This individual will lead a team of security experts in ensuring that all incident response activities are conducted in a timely, effective, and professional manner. The ideal candidate will have a deep understanding of the latest digital forensics and incident response technologies, best practices, and methodologies.

Roles And Responsibilities

• Train CTI, TA Comms and SOC leaders and teams on new processes.
• Refining roles and responsibilities amongst SOC team members to drive clarity and efficiency.
• Establish and refine process.
• Develop and execute business plans for DFIR-specific strategic initiatives.
• Identify and implement process improvements.
• Ensure compliance with KPIs, and SLAs.
• Oversee onshore and offshore DFIR SOC, CTI and TA Comms functions.
• Support overall DFIR financial performance by managing SOC, CTI and TA Comms teams to agreed financial targets.
• Create DFIR Engagement playbooks and handbooks for SOC, CTI and TA Comms.
• Monitor and identify industry trends, raising internal awareness to trends impacting Arete and our clients and partners.
• Integrate a Threat Intelligence Program (TIP) to enrich events by properly tagging (through previously ingested and tagged DFIR IOCs, various feeds, and Joe Sandbox results) IOCs and TTPs
• In Partnership with the SVP, DFIR Operations
• Foster a culture of collaboration and real-time information sharing.
• Collaborate with leaders across DFIR, Managed Services, and Business Development to ensure seamless, consistent client experience.
• Tech-Enablement
• Establish requirements for existing CTI, TA Comms and SOC tooling to create increased efficiency and resource capacity within DFIR.
• Integrate new and existing CTI, SOC and TA Comms tools, technologies, and capabilities into other DFIR departments and workflows.
• Develop internal training/process documentation.
• Integrate a SOAR into Standard Operating Procedure to automate resolution of events and actions.
• Identify resource needs and capacity and oversee hiring, training, and evaluating SOC, CTI, and TA Comms Staff.
• Establish KPIs, SLAs, and audit key.
• Perform departmental audits.
• Define DFIR process requirements for SOC, CTI and TA Comms.

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.

Skills And Knowledge

• Ingest, store, organize and analyze network data from firewalls, network sensors, virtual appliances, and other data capture mechanisms.
• Ability to build a team that conducts CSINT.
• Ability to analyze network traffic PCAPs.
• Experience with negotiations.
• Ability to analyze memory dumps from systems.
• People management skills
• Ability to develop countermeasures to detect and block software.
• Technical Skills
• Architect telemetry data from DFIR Client EDR sensors into Elastic or Splunk to aggregate and correlate events.
• Threat Hunting, Threat Intelligence, DarkWeb Research, and Human Intelligence, Red Team, Blue Team.
• Demonstrate managerial competencies in leadership, execution, delegation, analysis, teamwork, coaching/development, customer service, planning/organizing, flexibility, stress tolerance, and communication.
• Ability to reverse engineer malware.

Job Requirements

• Experience taking ownership of business outcomes.
• Master’s degree in Cybersecurity, Technology, or a Business-related field.
• Experience managing budgets, gross margin, and profitability.
• Ability to collaborate with cross-functional business units to execute an overall enterprise strategy.

Preferred Qualifications

• Demonstrated familiarity with Cyber Insurance Channel.
• Ability to uphold relationships with trusted partners and third parties.
• Extensive Client-facing experience.
• Business Development and Sales experience.

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

PHYSICAL DEMANDS

• Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects.
• No physical exertion required.
• Travel within or outside of the state.

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

FLSA OVERTIME CATEGORY

Job is exempt from the overtime provisions of the Fair Labor Standards Act.

Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.

When you join Arete…

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

Equal Employment Opportunity

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.