SOC Researcher

Компания "Лаборатория Касперского"

Responsibility:

• Actively hunt for Indicators of Compromise (IOC), Indicators of Attack (IoA) and APT Tactics, Techniques, and Procedures (TTP) in the network and in the host
• Search network in flow, PCAP, logs, EDR and NFT (network forensics tool) telemetry for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)
• Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team

Mandatory expertise:

• Practical experience in the identification and investigation of information security incidents, development of recommendations to prevent similar incidents in the future
• Understanding of the methods, tools and processes to respond to information security incidents
• Experience in network traffic and log-files analysis from various sources
• Knowledge of current threats, vulnerabilities, typical of attacks on information systems and tools to implement them, as well as methods for their detection and response
• Practical experience in forensics artefact analysis (HDD and memory dumps)
• Candidates should possess strong written and oral communications skills

Desirable expertise:

• Creation, validation, and deployment of correlation rules for SIEMs, signatures or rules for IDS/IPS/NGAV/NGFW
• Performing static or dynamic malware analysis, and interacting with data from malware analysis tools
• Experience with Use case management framework: MaGMa, MITRE ATT&CK, etc
• Knowledge of network protocols, the architectures of modern operating systems and information security technologies
• Proficiency in python or PowerShell scripting (for both localized automation and analysis of)