Sr.Security Engineer-Incident Response
Apply NowCompany: Alphalogic, Inc.
Location: Washington, DC 20011
Description:
Company Description
Alphalogic is a global technology solutions company headquartered in the Washington, DC metropolitan area. Alphalogic offers a wide range of technology and consulting services; predictive analytics, data warehousing & BI, cloud consulting, web & mobile application development.
Cutting-edge Technologies
Our company's core competencies are cloud and mobile computing; healthcare solutions and services; data warehousing-analytics- business intelligence; and enterprise collaboration-content management. Alphalogic teams are continually deploying emerging technologies to meet our clients' current challenges.
Industry Best Practices
Alphalogic specializes in the effective use of industry-standard frameworks such Agile, for helping our clients achieve quick wins and reduce cycle times.
Job Description
Conduct thorough investigative actions based on security events and remediation as dictated by standard operating procedures. Participate in all the phases of Incident Response process, including detection, containment, eradication, and post-incident reporting. Record detailed Incident Response activities in the Incident Case Management System. Review automated daily security reports of key security controls, identify anomalies and, escalate critical security events to the appropriate stakeholders and follow-up as required. Wherever required perform memory forensics. Document vulnerabilities and Exploits used while analyzing a malware. Analyze, evaluate, and document malicious code behavior. Identify commonalities and differences between malware samples for purposes of grouping or classifying for attribution purposes. Develop tools to identify a 0-day malware based on various characteristics of a file format. Assist the COT lead in developing Incident Response Toolkit.
Qualifications
Minimum 10 years overall with 7 years of Information Security experience required, out of which the individual has worked with CSIRT for a minimum period of 2 years and at least 2 years conducting some form of malware analysis.
Understanding of how operating systems work and how malware exploits them. Understanding of network traffic and be able to analyze network traffic introduced by the malware.
Past exposure to APT type malware and financial crime malware such as Zeus and Spyeye etc. Experience in researching vulnerabilities and exploits.
Experience in writing quick scripts using Perl, Python, or TCL/TK. Thorough understanding of Windows Internals and memory management.
Knowledge of common hacking tools and techniques. Experience in understanding and analyzing various log formats from various sources.
Experience in analyzing reports generated of SIM/SEM tools.
Proficient experience with the following concepts and related toolsets: - Network sniffers - Process analysis tools - Registry analysis tools - File analysis tools - Memory analysis tools Individuals who have worked in night shift and in a security operations center would be preferred.
GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH). Certified Information Systems Security Professional (CISSP).
Additional Information
Due to the nature of this contract, candidates with U.S. Citizenship or GC Holders are encouraged to apply. All your information will be kept confidential according to EEO guidelines.
Alphalogic is a global technology solutions company headquartered in the Washington, DC metropolitan area. Alphalogic offers a wide range of technology and consulting services; predictive analytics, data warehousing & BI, cloud consulting, web & mobile application development.
Cutting-edge Technologies
Our company's core competencies are cloud and mobile computing; healthcare solutions and services; data warehousing-analytics- business intelligence; and enterprise collaboration-content management. Alphalogic teams are continually deploying emerging technologies to meet our clients' current challenges.
Industry Best Practices
Alphalogic specializes in the effective use of industry-standard frameworks such Agile, for helping our clients achieve quick wins and reduce cycle times.
Job Description
Conduct thorough investigative actions based on security events and remediation as dictated by standard operating procedures. Participate in all the phases of Incident Response process, including detection, containment, eradication, and post-incident reporting. Record detailed Incident Response activities in the Incident Case Management System. Review automated daily security reports of key security controls, identify anomalies and, escalate critical security events to the appropriate stakeholders and follow-up as required. Wherever required perform memory forensics. Document vulnerabilities and Exploits used while analyzing a malware. Analyze, evaluate, and document malicious code behavior. Identify commonalities and differences between malware samples for purposes of grouping or classifying for attribution purposes. Develop tools to identify a 0-day malware based on various characteristics of a file format. Assist the COT lead in developing Incident Response Toolkit.
Qualifications
Minimum 10 years overall with 7 years of Information Security experience required, out of which the individual has worked with CSIRT for a minimum period of 2 years and at least 2 years conducting some form of malware analysis.
Understanding of how operating systems work and how malware exploits them. Understanding of network traffic and be able to analyze network traffic introduced by the malware.
Past exposure to APT type malware and financial crime malware such as Zeus and Spyeye etc. Experience in researching vulnerabilities and exploits.
Experience in writing quick scripts using Perl, Python, or TCL/TK. Thorough understanding of Windows Internals and memory management.
Knowledge of common hacking tools and techniques. Experience in understanding and analyzing various log formats from various sources.
Experience in analyzing reports generated of SIM/SEM tools.
Proficient experience with the following concepts and related toolsets: - Network sniffers - Process analysis tools - Registry analysis tools - File analysis tools - Memory analysis tools Individuals who have worked in night shift and in a security operations center would be preferred.
GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH). Certified Information Systems Security Professional (CISSP).
Additional Information
Due to the nature of this contract, candidates with U.S. Citizenship or GC Holders are encouraged to apply. All your information will be kept confidential according to EEO guidelines.