• 6+ years experience in a SOC, Incident Response, or Forensics role
• Ability to explain possible complex alerts/events in a non-complex way, both written and verbal
• Proven mentoring experience and skills to junior team members, helping them to grow individually and as a team
• Understanding of Malware Analysis (Configuration of isolated Malware Analysis VM, Identification of File Formats, Basic Static & Dynamic analysis)
• Demonstrated experience with Windows and/or MacOS as an attack surface
• Strong understanding and experience with Threat Actor Tools and techniques: (MITRE ATT&CK Framework, PowerShell & Command Prompt Terminals, WMIC, Scheduled Tasks, SCM, Windows Domain and host Enumeration Techniques, Basic Lateral Movement Techniques, Basic Persistence Mechanisms, Basic Defense Evasion Techniques, other offensive/Red Team TTPs)
• Strong experience with Windows Administration or Enterprise Domain Administration and upkeep (Active Directory, Group Policy, PowerShell, Windows Server Update Service, and Domain Trusts)
• Strong experience with M365/Cloud attack techniques
• Demonstrated equivalent of self-guided study experience or Bachelor’s degree in Information Technology, Computer Science, System Administration, or Cyber Security

Desirable

• In this role, you will triage, investigate, respond to, and remediate intrusions daily.
• You’ll be surrounded by passionate individuals who are mission-driven to help protect companies worldwide from cyber-attacks.
• This person will also mentor junior team members, allowing them to grow individually and as a team
• You will have daily opportunities to progress your analysis skills while being at the forefront of what’s happening in the wild.
• With the chance to work on various incidents alongside a skilled team, you’ll have the opportunity to accelerate your career and skills, too
• Function as the lead liaison between the SOC and other Product and Research teams
• Build automation to help reduce the workload on the SOC through report template creation
• Own and complete investigative objectives associated with multi-host intrusions without assistance
• Triage, investigate, and respond to alerts coming in from the Huntress platform
• Perform tactical forensic timelining and analysis to determine the root cause of attacks where possible and provide remediations needed to remove the threat
• Perform advanced malware analysis as part of investigating systems and identities
• Investigate suspicious Microsoft M365 activity and provide remediations
• Assist in escalations from the product support team for threat-related and SOC-relevant questions
• Assist our SOC Support team by engaging with customers via video/phone to explain or describe activity observed by the SOC when needed
• Contribute to detection efforts by helping to create or request net new detections as well as tuning detections
• Provide technical mentorship of more junior team members
• Contribute regularly to external facing Huntress content such as blogs, webinars, presentations, and speaking engagements