Consultant - Defensive Capability

Summary

Join SpecterOps as a mid-level to senior defensive consultant and serve on the Consulting Services team as analysts, detection engineers, and program developers.

Responsibilities

• Create evasion-resilient detections based on independent research alongside supporting resources, documentation, and automation
• Evaluate existing detection content in client environments and make improvements as necessary
• Evaluate the maturity of common security operations roles and functions, including: threat intelligence, threat hunting, detection engineering, SOC operations, incident response, and security engineering
• Utilize common security tooling, including: EDR, SIEM, and live response tools
• Utilize and provide guidance regarding common telemetry sources, including: EDR, Sysmon, Windows Event Logging, SIEM, WAF, IDS/IPS, cloud platforms (Azure, AWS, GCP), and others
• Build scripts, tools, or methodologies to enhance investigation processes
• Serve as a subject matter expert (SME) in one of the following areas: detection engineering, network, memory, and/or disk forensics, log analysis, malware triage, or reverse engineering
• Effectively communicate successes and obstacles with fellow team members and team lead(s)
• Interface with client contact(s) and staff in a constructive and professional manner
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff
• Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, student support, etc.)
• Create and deliver at least two pieces of content a year (e.g., blog post, conference presentation, workshop, or webinar)