Job Details
Head of Cybersecurity Incident Response
Head of Cybersecurity Incident Response at cloud.ru in Moscow. Requires 5+ years of experience in Incident Response/Digital Forensics. Salary discussed at interview.
• Line management of a team of 3-4 experts;
• Investigation of cybersecurity incidents of any complexity (Windows, Linux, AD, network, cloud);
• Collection and analysis of artifacts: logs, memory, network traffic, OS artifacts, EDR/SIEM data;
• Implementation and use of tools for automated triage;
• Building and developing the Incident Response process: playbooks, SLA;
• Development of methodologies and automation of incident triage;
• Interaction with internal teams during investigations;
• Preparation of detailed incident reports with recommended measures for their elimination/prevention in the future.
• Experience in management/mentorship/team leadership;
• 5+ years of experience in Incident Response / Digital Forensics;
• Ability to conduct investigations: Windows, Linux, AD, networks, cloud;
• Experience in memory and disk forensics;
• Experience applying triage tools and the ability to integrate them into IR processes;
• Knowledge of MITRE ATT&CK, understanding of attacker TTPs;
• Network traffic analysis skills;
• Experience working with SIEM;
• Experience in developing and applying IR playbooks, documenting incidents;
• Threat Hunting experience;
• Knowledge of container and cloud environments.