DFIR Expert

Our mission at Cyberbit is to develop cutting-edge cyber simulations by mimicking real-world threat groups, investigating their attack patterns, and translating that information into practical cyber exercises.

We utilize commercial-grade security tools to train cyber professionals in industry-standard detection, response, and attack mitigation techniques. Our clients include Fortune 500 companies, universities, governments, and militaries worldwide.

The ideal candidate will possess a comprehensive analytical abilities and understanding of cyber security attack vectors, vulnerabilities, and exploits, as well as be well-versed in identifying and mitigating common network security threats. We are looking for a candidate with a proven track record of working with security analysis technologies (e.g. SIEM, FW, AV, IPS, EDR) and a deep understanding of relevant procedures, policies, and industry investigational best practices.

Responsibilities:

Design and investigate cyber-attack scenarios for training and simulation purposes by reproducing malicious attack campaigns, mitigations, and investigation flows.
Develop investigation methodologies based on industry best practices to counter new cyber threats and techniques.
Conduct research and analysis on Tactics, Techniques, and Procedures (TTPs) employed by malicious actors in order to educate and train users on defense against live attacks.
Work collaboratively with a diverse team of experts including offensive security researchers, software developers, security analysts, security experts, DevOps, and technical writers to achieve project goals.

Requirements:

At least 2 years of professional experience in the Incident Response field - Must.
Experience in one or more of the following areas: Digital Forensics (including Malware Analysis), Memory/Host/Network Forensics, Incident Response, Cloud Security - Must.
Knowledge of Windows and Linux internals - Must.
Proven experience in writing technical security reports, mainly incident response or forensic reports - Must.
Outstanding English language proficiency, both verbal and written- Must.
A team player.
Extensive experience triaging and responding to incidents using CrowdStrike, Carbon Black or Microsoft Defender.
Experience working with Splunk SIEM, QRadar or Microsoft Sentinel for incident response purposes.
Hands-on experience with cloud platforms such as Microsoft Azure, Amazon Web Services (AWS) or Google Cloud Platform (GCP) - Advantage.
Experience with scripting languages such as Python, PowerShell, or Bash - Advantage.
Hands-on experience analysing malware (through static and dynamic means) - Advantage.
Experience in training and teaching others in the field of cybersecurity - Advantage.
Any GIAC certification - Advantage.

Re:
Raanana, Zarhin 24, building E, 4th floor

You will love working with us:

We were ranked as the #16 best place to work with in Israel out of all tech companies, and #25 out of ALL companies in Israel in 2022!
We’re well funded, and have raised $100M so far
We provide growth opportunities – some of our best managers have grown in the organization
We love a good party, so you can expect themed happy hours, holiday toasts, parties, and water fights
And no – we won’t throw massive dance parties with top international DJs, but we’ll know each and every one of you by name, and whenever there’s a personal reason to celebrate, or when something went wrong, we’ll be there for you.