Dell Cybersecurity Incident Response Threat Hunting Senior Advisor in Romania
Cybersecurity Incident Response Threat Hunting Senior Advisor
The Cybersecurity Incident and Response Team (CSIRT) is currently experiencing incredible growth in order to meet the security needs of the world’s largest technology company. With team members located in over 15 countries, you will have an excellent opportunity to influence the security culture at Dell and further develop your career.
Dell is a worldwide provider of information technology services and business solutions to a broad range of clients. We seek men and women who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our Clients' success.
We are currently seeking a Cybersecurity Incident Response Threat Hunting Senior Advisor to join our Cybersecurity Incident and Response Team (CSIRT) based in Romania (Remote).
What you’ll achieve
This role is responsible for investigating and reporting security incidents supporting all Dell business units and mergers & acquisitions. This role requires experience in all phases of the Cybersecurity Incident Response lifecycle. The Cybersecurity Intelligence & Response Team (CSIRT), under the Security & Resiliency team, is responsible for coordinating with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response. This role requires experience and expertise in the field since it is an escalation point.
As part of the CSIRT team, during major incidents you will be involved in the IR process, helping with incident investigation, performing forensics activities, and using structured methodologies to respond to threats.
Threat hunting - use a holistic approach to analyze threats based on, but not limited to, internal threat intelligence reports and open-source articles and reports on new security threats: derive actionable indicators (IOCs and TTPs); define threat hunting hypotheses based on the derived indicators; define threat hunting content for detection and/or monitoring solutions (EDR - RSA ECAT, CarbonBlack; SIEM - Splunk); define testing scenarios for hunting and/or detection content before pushing it to pre-production, simulating true positives and normal activity (for false-positive whitelisting); retro-hunt based on indicators related to a threat actor
Threat hunting - maintain and develop the existing custom threat hunting automation system, and propose and develop any automation mechanism that can increase process efficiency: use scripting languages (e.g. PowerShell, Python) to automate hunting for threats; develop new components that can be integrated with existing custom and/or COTS solutions used within CSIRT; monitor the results of the automated hunts and develop hunting reports
Threat hunting - create and/or work incidents and/or investigations for suspicious and/or true-positive findings from hunting activities. True positives, being hunting results for a specific threat, will be analyzed/worked by the threat hunting analyst, and the results will be disseminated to the relevant and/or other involved CSIRT teams
Threat hunting - create reports based on threat hunting findings: executive reports to be included in periodic threat team reporting and/or technical reports to be included in the related incident/investigation IR reporting
Threat hunting - analyze hits and statistics for detection-only threat hunting content, create accuracy and efficiency reports, and propose new content to be transitioned into alerts for IR teams, using Agile methodology for the entire process
Incident response - during incident investigations, the analyst will actively participate in the incident response process, executing forensic investigation activities: analyze computer data, network traffic, e-mail activity, integrity and logs; work with forensic tools to image hard drives, uncover files and present them in a format suitable for legal purposes; properly document legal hold and other e-discovery activities
Take the first step towards your dream career!
Every Dell Technologies team member brings something unique to the table. Here’s what we are looking for with this role:
3+ years of professional experience or equivalent combination of education/experience
Bachelor’s degree in Information Systems or a related field, or relevant experience
Strong knowledge and understanding of Tactics, Techniques, and Procedures (TTP) used as means of profiling a certain threat actor
Excellent problem-solving skills, with the ability to assess and derive threat hunting hypotheses using, but not limited to, threat intelligence reports and analysis
Strong knowledge of networking, infrastructure and application security fundamentals, concepts, and frameworks
Relevant security certifications (e.g. GCFA, GCIH, GNFA, GCWN, GCUX, GCIA, CISSP, Security+, CCNP, eJPT, eCTHP, etc.) preferred
Previous hands-on experience with, or knowledge of, incident response procedures and best practices, and/or knowledge of security infrastructure (firewalls, proxy, etc.) is a plus
Here’s our story; now tell us yours
Dell Technologies helps organizations and individuals build a brighter digital tomorrow. Our company is made up of more than 150,000 people, located in over 180 locations around the world. We’re proud to be a diverse and inclusive team and have an endless passion for our mission to drive human progress.
What’s most important to us is that you are respected, feel like you can be yourself and have the opportunity to do the best work of your life -- while still having a life. We offer excellent benefits, bonus programs, flexible work arrangements, a variety of career development opportunities, employee resource groups, and much more.
We started with computers, but we didn’t stop there. We are helping customers move into the future with multi-cloud, AI and machine learning through the most innovative technology and services portfolio for the data era. Join us and become a part of what’s next in technology, starting today.
You can also learn more about us by reading our latest Diversity and Inclusion Report and our plan to make the world a better place by 2030 here (https://jobs.dell.com/diversity-and-inclusion).
Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics. Dell encourages applicants of all ages. Read the full Employment Opportunity Policy here (https://jobs.dell.com/equal-employment-opportunity-policy).