Incident Response Principal
Posted on 4/4/2023

501-1,000 employees

United States
Experience Level
  • ZeroFox seeks an Incident Response Principal to leverage their experience and skills to deliver cybersecurity guidance and services to clients preparing and responding to cyber incidents
  • In this role, you will use your deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers
  • You bring specialized experience with the desire to learn more
  • The successful candidate will be passionate about cyber security, digital investigations and continuous learning and possess sound business judgment, strong consulting skills, and current technical skills
  • Candidates will be expected to be skilled at responding to cybersecurity incidents under tight deadlines and be able to explain technical concepts to a non-technical audience
  • Investigate network intrusions and other cybersecurity incidents to understand the cause and extent of the breach
  • Perform host-based and network-based analysis across all major operating systems and network device platforms
  • Produce high-quality oral and written work products based on analysis
  • Assist with internal practice development and training initiatives
  • Ability to perform malware analysis
  • Develop and refine policies and procedures for forensic and malware analysis
  • Experience with scripting and command-line tools
  • Ability to provide after-hours support as needed
Desired Qualifications
  • Conduct technical investigations including acquisition, triage, and analysis
  • Strong written and oral communication skills; comfortable with providing briefings and presentations
  • Deploy security tools to assist with detecting, responding, containing, and remediating threats
  • Able to solve problems in fast-paced situations and implement countermeasures
  • Experience writing detections and perform threat hunting using EDR and SIEM technologies
  • Familiarity with the Mitre ATT&CK framework
  • Security related certifications preferred (GIAC GCIH, GCFA, CISSP, CEH, etc.)
  • 5+ years of hand-on experience in digital forensics and incident response