Job Description

Hello ,

My name is Rajat , and I am a Technical Recruiter at K-Tek Resourcing . We are searching for professionals for the below business requirements for one of our clients.

Please send me your updated resume at - rajat.rathore@ktekresourcing.com

Role- Security Operations Analyst -L3

Work Location- Remote is fine but Work / Shift timing will be California time

Technical Requirements / JD:

Query & Investigations:

Extensive experience in SIEM query building, complex query writing (such as subqueries, conditions, etc.), data pivoting (via queries, excel, notepad++, etc.), data parsing and manipulation.

Cyber Investigation and Threat Hunting Skills:

understanding how to investigate different types of attack/compromise scenarios, isolate associated risks (and enumerate potential CoA’s & responses actions: such as network contain hosts, reimage assets, rotate accounts, revoke tokens, reset sessions, etc.). The response actions should be tailored to risk, dictated by indications of compromise identified, dictated by the specific attack scenario identified (e.g. advanced malware, info-stealers, phishing, malicious links in email, ransomware, hacking software such as mimikatz, cobalt, meterpreter, impacket, PS empire, AD enum tools etc.), which is alluded to by the monitoring content triggered (i.e. security event).

Threat Intelligence :

general understanding about threat actors (criminal orgs, advanced persistent actors (APT – other national sovereign states), ransomware groups, targets/victims, verticals, TLP ratings, intelligence integration into cyber operations and how to use that, etc.

CyberOps Toolset :

Should have advanced understanding of the following toolsets by category (not brand) and express that experience/depth of understanding, in the interview:

• EDR – process trees, disk operations, network connections, commandlines run, load & run state of binaries and DLL’s, duration, actions applied, process IDs, etc. Also advanced experience running queries in EDR
• SIEM – as stated above regarding advanced query building/writing and pivoting skills. In addition, should have advanced experience building content rules in SIEM (per patterns identified).
• Sandbox – how to submit various artifacts/links etc. and how to interpret the reports which require understanding of WinAPI’s
• Cloud – both AWS and Google GCP, general knowledge regarding compute (EC2, Compute Engine), storage (S3, Cloud Storage), and databases (RDS, Cloud SQL) as well as serverless computing (AWS Lambda, Cloud Functions) – should be familiar with CloudTrail and GuardDuty datasets and how to investigate and pivot those.
• Email Proxy – experience regarding email based research and investigation – phishing, malicious emails, content, artifacts, downloads, campaigns

Special Knowledge Sets of Interest to Customer/Industry:

• General understanding regarding AD – Domain Controllers, their role, their function, what they store, how authentication is achieved, how service requests are processed, etc.
• AD Attacks – ntds.dit, golden ticket, pass the hash, pass the ticket, krbtgt account compromise, how to perform privilege escalation attacks (various techniques) etc.
• Associated AD attack tools – bloodhound, sharphound, mimikatz, ntdsutile.exe, impacket suite, etc.

Job Tags

Similar Jobs