Careers with CyberMaxx

CyberMaxx is looking to add top talent to our growing team. If you’re looking for a great place to build a career with fantastic growth opportunities, apply today!

SENIOR INCIDENT RESPONSE CONSULTANT | DIGITAL FORENSICS & INCIDENT RESPONSE 

POSITION SUMMARY

A client calls in crisis. Their network team identified an unusual 2TB spike in traffic from their production Microsoft SQL server and confirmed it was not a backup job and such a spike had never previously been observed. Their internal SOC performed triage and found that ntds.dit was dumped on the primary domain controller around the same time MSSQL data was exfiltrated. There are 30,000 users in their Active Directory environment, 10+ user VPNs spanning the globe, and multiple site-to-site tunnels to business partners. You are invited to join an emergency conference call with the CISO, all heads of engineering, and inside counsel. They look to you to manage the crisis. Are you confident in the cockpit? If so, we should talk. 

CyberMaxx Digital Forensics & Incident Response Team is part of CyberMaxx's Offensive Security department and works closely with our Blue Team and Compliance departments. We are looking for a senior full-time employee to join us and lead cases like the one described above. 

Between large cases, the person in this role will help with service maturity and development, threat-hunting MDR clients, and automation development. 

PRIMARY DUTIES | RESPONSIBILITIES 
  • Incident response delivery. Manage the full life-cycle of an incident including crisis management, containment, incident project management, threat hunting, remediation, and developing recommendations.
  • Incident leadership. Capable of quickly creating an action plan, prioritizing, keeping teams on task, following through with commitments, and having the patience to see long complex tasks through to completion. Understand large complex production environments quickly and help make impromptu production decisions with clients.
  • Exceptional communication skills. Bedside manner. Able to remain level-headed under pressure and strike the right balance between giving a calming effect and driving everyone toward the end goal. Able to convey technical matters to non-technical leadership, providing customers and internal teams with status updates. Emotional maturity in difficult interactions. Create and present reports that tell the full incident story.
  • Forensics. Confident in performing memory analysis, full disk forensics, and using a variety of security tooling on Linux, Windows, and OSX.
  • Threat hunting. Threat hunt in customer environments as directed. Identify potential breaches and investigate until resolution. Threat hunt during large incidents but also in customer environments that subscribe to our Threat Hunting service.
  • DFIR service development. Improve and grow CyberMaxx's DFIR service offerings. Establish partnerships with cyber insurers and foster relationships with partners in the incident ecosystem. Work towards technical automation where possible. Further mature processes/playbooks. Develop additional IOCs and watchlists.
  • Attend and present at conferences and industry events, and contribute to blog posts and GitHub.

QUALIFICATION | SKILLS

  • Experience in senior-level DFIR position. Vast production experience expected. Track record of leading large-scale incident response where thousands of assets are affected. Experience working with outside counsel and client senior leadership.
  • Deeply technical. This position requires strong soft skills, but technical excellence is the top requirement. Instill confidence in clients that you know what you are doing and earn their trust.
  • Corporate production operations experience. Able to make difficult decisions with clients in production environments, understanding the impact, risks, and making the right judgment calls. Above-average understanding of Active Directory, virtualization platforms, database servers, network topology, and software distribution storage.
  • Exceptional troubleshooting and analytical abilities
  • Seniority with Linux and Windows. Must have strong practical experience in both environments.
  • Senior-level network experience. PCAP interpretation and parsing, understanding of L1-8 protocols
  • IOC development. Effective with sigma, yara, and suricata. Bro experience is a plus.
  • Some scripting experience. Capable with Python or PowerShell. Able to parse files and interact with APIs.
  • Some reverse engineering. We have gifted reverse engineers, but the person in this role should be able to perform basic static and dynamic analysis of untrusted executables, scripts, and blobs.
  • Cloud experience. Familiarity with AWS, Microsoft, and other popular cloud service logs, acquisition, and analysis
  • Knowledge of TTP. Deep familiarity with Windows lateral movement, persistence, attack patterns in event logs, and OS internals
  • Execute memory and full disk forensics on all major platforms. Familiarity with tools like log2timeline, timesketch, plaso, ELK, Graylog
  • Familiarity with forensics for civil litigation and HR investigations
  • Fluency in at least one EDR or SIEM platform such as SentinelOne, CrowdStrike, Carbon Black, Endgame, and Cortex.
  • Flexible schedule. CyberMaxx offers a lot of freedom around the schedule, but when a P1 incident is in progress, be willing to work hours that the situation demands. Comp time will be provided so a work-life balance is maintained.
  • Great written and verbal communication
  • Comfortable with online collaboration-based workflow. Encrypted chat is used to collaborate with remote colleagues and reports are written as a group in many cases
  • Discretion. We work on extremely sensitive subjects that cannot be discussed outside, and in some cases, even among coworkers.
  • Ability to occasionally travel. Our team's workload is predominantly remote, but for occasional onsite requirements senior staff need to be able to travel to client locations and maintain a good image for the company and team.

HIGHLIGHT OF CYBERMAXX'S BENEFITS | PERKS 

  • 100% remote work: Anywhere in the US or Ireland
  • Medical, dental, and vision coverage
  • 401(k) with match
  • Telephone and/or internet reimbursement
  • Tuition Reimbursement
  • Life Insurance
  • HSA/FSA available
  • Paid Training
  • Flexible PTO 

We are a company that cares deeply for its employees, and we understand that all of us have lives outside of work. We encourage a balanced life, and we’ll do everything we can to ensure you find us a welcoming, inclusive company. We encourage people of all backgrounds and identities to apply.

ABOUT CYBERMAXX 

CyberMaxx provides operational cybersecurity solutions that protect large healthcare, financial services, and other security-sensitive organizations' technology assets. We prevent, detect, and respond to cyber-attacks through 24/7/365 managed security services so our clients can spend their time, talent, and budget on running their businesses without worrying about being in the headlines.

With more than 20 years of experience, we have been consistently rated as one of the top Managed Detection and Response (MDR) Service Providers in the US, have been named a perennial “Best Places to Work” by the Nashville Business Journal and The Tennessean, and are one of CIOReview’s Top 20 Most Promising Cyber Security Solution Providers.

CyberMaxx is a great place to work, and we have the awards and people to prove it! As one of the fastest-growing companies since our inception, we know that people are the key to maintaining our success. Our people, culture, benefit options, and growth opportunities, not to mention that we are located in some pretty amazing cities in Tennessee, all come together to make us a TOP Work Place!

Want to join the CyberMaxx team?

Let's connect!