Sygnia is a top tier cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide. Sygnia works with companies to proactively build their cyber resilience and to respond and defeat attacks within their networks. It is the trusted advisor and cyber security service provider of IT and security teams, senior managements, and boards of top organizations worldwide, including Fortune 100 companies.
The company draws on top talent from the ranks of elite military technology units and from across the cyber industry and has some of the world’s top talents in cyber security. Described by Forbes as a “cyber security delta force”, it applies technological supremacy, digital combat experience, data analytics and a business-driven mindset to cyber security, enabling organizations to excel in the age of cyber.
Sygnia is looking for a highly capable Incident Preparedness Expert to join a team of cybersecurity experts that supports Sygnia’s Incident Response Retainer program throughout all phases of the Incident Response life cycle, ensuring preparedness and proper response to security incidents. The role includes client interactions as well as conducting forensic analysis, investigation and response to real-world cyber threats. The suitable candidate should be a team player with previous experience in SOC, SecOps, IR or security monitoring (including cyber consultancy roles), independent, and with a “can-do” attitude.
As Sygnia’s IR Retainer program must operate continuously, the Incident Preparedness Expert may be required to work off hours, with potential travel to clients.
Main Responsibilities
· Manage and conduct onboarding meetings to understand client’s technological environment, security stack and IR practices.
· Set expectations, develop and communicate the service timeline to external and internal stakeholders, and own the onboarding process and tasks.
· Participate in forensic and incident response investigations, including log analysis, host and network-based forensics and malware analysis.
· Investigate security incidents under defined service level agreements and objectives.
· Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.
· Work with clients to prioritize incidents and determine whether an identified security incident poses a real risk that requires activation, or is a false alarm.
· Maintain client portfolios, conduct initial scoping calls and activation exercises with clients.
· Collaborate with IT and Security teams during investigations.
Requirements
· 2-3 years of relevant experience in the cyber security field from military service and/or industry in cyber defense roles.
· Strong analytical thinker, problem-solving mindset, and ability to succeed in a dynamic environment.
· High level of independence and a proactive approach.
· Proven ability to prioritize tasks and meet deadlines, with tolerance for multitasking.
· Demonstrated understanding of the life cycle of advanced security threats, attack vectors and methods of exploitation.
· Strong technical understanding of network fundamentals, common Internet protocols and system and security controls.
· Familiarity with system and security controls, including basic knowledge of host-based forensics and OS artifacts.
· Hands-on experience with, or familiarity with, SIEM technologies (e.g. Splunk, QRadar, ArcSight, Exabeam).
· Good familiarity with common data and log sources for monitoring, detection and analysis (e.g. Event Logs, Firewall, EDR).
· Hands-on experience in data analysis (preferably network traffic or log analysis) using relevant data analysis and data science platforms (Jupyter, Splunk, pandas, SQL).
· Excellent documentation, reporting and presenting skills, with the ability to prepare detailed incident reports for management and stakeholders.
· Familiarity with cloud infrastructure, web applications and servers – an advantage.
· Fluent English (written, spoken) – a must.