- 3-5 years working in SOC, MDR, Threat Hunting, or Incident Response
- Experience leading or participating in Incident Response engagements for external customers
- Experience with tools such as osquery and Velociraptor, or leveraging EDRs for forensic artifact analysis
- Confident command of forensic tools (e.g., Eric Zimmerman's EZ Tools, RegRipper, Hayabusa, Chainsaw) and artifacts (e.g., Prefetch, Jump Lists, ShellBags)
- Deep understanding of offensive security tradecraft (persistence, lateral movement, credential theft, remote access)
- Confidently able to track threat actors and build timelines of their activity
- Strong familiarity with detection languages (Sigma, Suricata, Snort, YARA)
- Familiarity with OSINT sources
- Strong familiarity with query languages (KQL, EQL, ES|QL, Splunk SPL)
- Intermediate malware analysis skills
- Intermediate knowledge of Windows internals
- Intermediate knowledge of Linux and macOS internals is a bonus
- Strong understanding of the current threat landscape, initial access brokers, and ransomware actors
- Passionate about and involved with the community (blogs, social media, conferences)
- Experience with scripting (PowerShell, Python, Bash, PHP, JavaScript, Ruby)
- Demonstrable experience producing written and verbal customer-facing deliverables
- Experience with detection and response in cloud environments (Microsoft 365/Azure)
- Comfortable using Git to contribute to internal projects