DFIR Engagement Manager

Position Overview

• Location Type: Remote
• Employment Type: Full-time
• Salary: Not specified

At-Bay is a fast-growth InsurSec company (Insurance x Cybersecurity) on a mission to bring innovative products to the market that help protect small businesses from digital risks. As an InsurSec provider, we uniquely combine insurance with mission-critical security technologies, threat intelligence, and human expertise, to bridge the critical security capability gap that exists among SMBs in the community. We believe InsurSec is an $80B market opportunity and we are excited to expand our DFIR team in order to help expand our reach and influence in the business and security community, of which we serve 35,000 customers. With At-Bay, our customers experience 5X fewer ransomware attacks. This is just the tip of the iceberg! Click here to learn more about what we're building.

Core Responsibilities

• Engage on behalf of At-bay Security in incident response tasks, interacting with various legal counsel, client executives, and technical teams.
• Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems.
• Perform Windows/Unix/Linux forensics and triage, and network forensics to assess compromise and investigations.
• Apply mitigation strategies and concepts to remediate identified threats.
• Analyze triage collections/artifacts for indicators of compromise (IoCs) and potentially malicious activity.
• Review logs from host systems and appliances to identify suspicious activities.
• Collect forensic disk and memory images from physical and virtual endpoints and servers.
• Perform forensic analysis of physical systems, virtual machines, and network data.
• Understanding of an incident lifecycle and cyber-kill-chain.
• Familiarity with exfiltration techniques used by threat actors.
• Maintain current knowledge on emerging threats and vulnerabilities.
• Analyze files for IOCs using various techniques.
• Conduct limited threat research based on IOCs collected during investigations.
• Understand obfuscation techniques used to conceal malicious commands and traffic, and lateral movement strategies employed by threat actors.
• Collaborate and share information within and across teams and communicate effectively with client managers and executives.
• Write detailed reports and summarize findings clearly and concisely.

Technical Requirements

• 3+ years of experience in digital forensics, incident response, or a similar role.
• 1+ years of experience managing highly skilled DFIR teams members.
• Strong knowledge of Windows and Unix/Linux operating systems.
• Expertise in threat hunting, network forensics, and EDR / EPP technologies.
• Skilled in forensic acquisition and analysis of physical and virtual systems.
• Advanced understanding of networking, routing, and firewall operations.
• Understanding of business email compromise (BEC) cases and investigation techniques.
• Industry certifications such as MCFE, ENCE, ACE, GCFA, GCIH, GNFA, GCFE are preferred.

Application Instructions

• [Instructions on how to apply would be included here if available]